CVE-2022-49394

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel's blk-iolatency module can cause inflight count imbalances and IO hangs when a cgroup is removed while IOs are in flight. This issue occurs because the enabled counter is manipulated in multiple places, including iolatency set limit() and iolatency pd offline(), without properly freezing the request queue. As a result, the inflight counters can become imbalanced, leading to IO hangs. The vulnerability can be demonstrated by turning on iolatency on an empty cgroup while IOs are in flight in other cgroups and then removing the cgroup. If a cgroup with stuck inflight ends up getting throttled, the throttled IOs will never get issued, leading to an indefinite hang.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.