CVE-2022-49413: bfq: Update cgroup information before merging bio
First published: Wed Feb 26 2025(Updated: )
In the Linux kernel, the following vulnerability has been resolved: bfq: Update cgroup information before merging bio When the process is migrated to a different cgroup (or in case of writeback just starts submitting bios associated with a different cgroup) bfq_merge_bio() can operate with stale cgroup information in bic. Thus the bio can be merged to a request from a different cgroup or it can result in merging of bfqqs for different cgroups or bfqqs of already dead cgroups and causing possible use-after-free issues. Fix the problem by updating cgroup information in bfq_merge_bio().
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | ||
| Linux Kernel | >=4.12<5.4.198 | |
| Linux Kernel | >=5.5<5.10.121 | |
| Linux Kernel | >=5.11<5.15.46 | |
| Linux Kernel | >=5.16<5.17.14 | |
| Linux Kernel | >=5.18<5.18.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/da9f3025d595956410ceaab2bea01980d7775948
- https://git.kernel.org/stable/c/b06691af08b41dfd81052a3362514d9827b44bb1
- https://git.kernel.org/stable/c/e8821f45612f2e6d9adb9c6ba0fb4184f57692aa
- https://git.kernel.org/stable/c/d9165200c5627a2cf4408eefabdf0058bdf95e1a
- https://git.kernel.org/stable/c/2a1077f17169a6059992a0bbdb330e0abad1e6d9
- https://git.kernel.org/stable/c/ea591cd4eb270393810e7be01feb8fde6a34fbbe
Frequently Asked Questions
What is the severity of CVE-2022-49413?
CVE-2022-49413 has been rated with a severity level that reflects its potential impact on the Linux kernel.
How do I fix CVE-2022-49413?
To fix CVE-2022-49413, you need to update your Linux kernel to the latest version that addresses this vulnerability.
Which Linux kernel versions are affected by CVE-2022-49413?
CVE-2022-49413 affects multiple Linux kernel versions ranging from 4.12 to 5.18.3.
What parts of the Linux kernel are impacted by CVE-2022-49413?
CVE-2022-49413 specifically impacts the bfq scheduler component in the Linux kernel.
Is there any workaround for CVE-2022-49413?
Currently, the best approach to mitigate CVE-2022-49413 is to apply the recommended updates to the Linux kernel.
- agent/first-publish-date
- agent/type
- agent/title
- agent/references
- agent/source
- agent/author
- agent/description
- agent/severity
- agent/guess-ai
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- agent/tags
- collector/nvd-api
- source/NVD
- vendor/linux
- canonical/linux kernel
- version/linux kernel/4.12
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.16
- version/linux kernel/5.18