
Changhuizhong

Researcher from Red Hat
#46146 of 53,633
5.5 Total CVSS
Vulnerabilities · 1
PT-2024-9047
5.5
2024-05-24
Linux · Linux Kernel · CVE-2021-47552
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.15.0

Description: The vulnerability is related to the blk-mq component of the Linux kernel, which can cause a kernel NULL pointer dereference when the SCSI device is freed before running `blk_release_queue()`. This issue can lead to a denial of service. The vulnerability is caused by the fact that the blk-mq dispatch work is not properly canceled in both `blk_cleanup_queue` and `disk_release`.

Recommendations: To resolve the issue, update the Linux kernel to a version that includes the fix for this vulnerability. Specifically, ensure that the blk-mq dispatch work is properly canceled in both `blk_cleanup_queue` and `disk_release`. As a temporary workaround, consider disabling the `blk_mq_quiesce_queue()` function until a patch is available. However, this workaround may have performance implications and should be used with caution.

Note: The provided information does not include specific details about the number of potentially affected devices or real-world incidents where this issue was exploited.