vulnerability
Ubuntu: (CVE-2022-49411): linux vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:L/AC:L/Au:S/C:C/I:N/A:C) | 02/26/2025 | 03/03/2025 | 03/19/2025 |
Severity
6
CVSS
(AV:L/AC:L/Au:S/C:C/I:N/A:C)
Published
02/26/2025
Added
03/03/2025
Modified
03/19/2025
Description
In the Linux kernel, the following vulnerability has been resolved:
bfq: Make sure bfqg for which we are queueing requests is online
Bios queued into BFQ IO scheduler can be associated with a cgroup that
was already offlined. This may then cause insertion of this bfq_group
into a service tree. But this bfq_group will get freed as soon as last
bio associated with it is completed leading to use after free issues for
service tree users. Fix the problem by making sure we always operate on
online bfq_group. If the bfq_group associated with the bio is not
online, we pick the first online parent.
Solution(s)
ubuntu-upgrade-linuxubuntu-upgrade-linux-awsubuntu-upgrade-linux-aws-5-15ubuntu-upgrade-linux-aws-5-4ubuntu-upgrade-linux-aws-fipsubuntu-upgrade-linux-azureubuntu-upgrade-linux-azure-5-15ubuntu-upgrade-linux-azure-5-4ubuntu-upgrade-linux-azure-fipsubuntu-upgrade-linux-bluefieldubuntu-upgrade-linux-fipsubuntu-upgrade-linux-gcpubuntu-upgrade-linux-gcp-5-15ubuntu-upgrade-linux-gcp-5-4ubuntu-upgrade-linux-gcp-fipsubuntu-upgrade-linux-gkeubuntu-upgrade-linux-gkeopubuntu-upgrade-linux-hwe-5-15ubuntu-upgrade-linux-hwe-5-4ubuntu-upgrade-linux-ibmubuntu-upgrade-linux-ibm-5-4ubuntu-upgrade-linux-intel-iotgubuntu-upgrade-linux-intel-iotg-5-15ubuntu-upgrade-linux-iotubuntu-upgrade-linux-kvmubuntu-upgrade-linux-lowlatencyubuntu-upgrade-linux-lowlatency-hwe-5-15ubuntu-upgrade-linux-nvidiaubuntu-upgrade-linux-oracleubuntu-upgrade-linux-oracle-5-15ubuntu-upgrade-linux-oracle-5-4ubuntu-upgrade-linux-raspiubuntu-upgrade-linux-raspi-5-4ubuntu-upgrade-linux-realtimeubuntu-upgrade-linux-riscv-5-15
References
- CVE-2022-49411
- https://attackerkb.com/topics/CVE-2022-49411
- URL-https://git.kernel.org/linus/075a53b78b815301f8d3dd1ee2cd99554e34f0dd
- URL-https://git.kernel.org/stable/c/075a53b78b815301f8d3dd1ee2cd99554e34f0dd
- URL-https://git.kernel.org/stable/c/51f724bffa3403a5236597e6b75df7329c1ec6e9
- URL-https://git.kernel.org/stable/c/6ee0868b0c3ccead5907685fcdcdd0c08dfe4b0b
- URL-https://git.kernel.org/stable/c/7781c38552e6cc54ed8e9040279561340516b881
- URL-https://git.kernel.org/stable/c/97bd6c56bdcb41079e488e31df56809e3b2ce628
- URL-https://git.kernel.org/stable/c/ccddf8cd411c1800863ed357064e56ceffd356bb
- URL-https://www.cve.org/CVERecord?id=CVE-2022-49411
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.