PT-2022-7480 · Linux+2 · Linux Kernel+2
Yu Kuai · Published 2022-02-28 · Updated 2024-09-27
CVE-2022-48913
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 5.17.0-rc4-next-20220217+
Description
The issue is a use-after-free vulnerability in the blktrace component of the Linux kernel. When tracing the whole disk, the 'dropped' and 'msg' files are created under 'q->debugfs_dir' while 'bt->dir' is NULL, so blk_trace_free() does not remove those files. Accessing the stale 'dropped' and 'msg' files afterwards can lead to a use-after-free (UAF) condition. The vulnerability may allow an attacker to impact the confidentiality, integrity, and availability of protected information.
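A userspace model of the lifetime problem described above, added here as an example; it is not kernel code and not the upstream patch. All names (`trace_setup`, `trace_free`, `stale_files`, `run`) are hypothetical, and the hardened branch, which removes the two files by name when the trace has no directory of its own, is an assumed remedy for illustration.

```c
#include <stdio.h>
#include <string.h>
#define NFILES 8
struct dir   { const char *name; };
struct trace { struct dir *dir; int alive; };   /* dir == NULL: whole-disk trace */
struct file  { const char *name; struct dir *parent; struct trace *priv; int used; };
static struct file fs[NFILES];                  /* constructed stand-in for debugfs */
static void create_file(const char *name, struct dir *parent, struct trace *bt) {
    for (int i = 0; i < NFILES; i++)
        if (!fs[i].used) { fs[i] = (struct file){ name, parent, bt, 1 }; return; }
}
/* Remove files under 'parent'; name == NULL removes all of them (directory removal). */
static void remove_files(struct dir *parent, const char *name) {
    for (int i = 0; i < NFILES; i++)
        if (fs[i].used && fs[i].parent == parent && (!name || !strcmp(fs[i].name, name)))
            fs[i].used = 0;
}
static void trace_setup(struct trace *bt, struct dir *queue_dir, struct dir *own_dir) {
    bt->alive = 1;
    bt->dir = own_dir;                          /* stays NULL for the whole disk */
    create_file("dropped", own_dir ? own_dir : queue_dir, bt);
    create_file("msg",     own_dir ? own_dir : queue_dir, bt);
}
static void trace_free(struct trace *bt, struct dir *queue_dir, int hardened) {
    if (bt->dir)
        remove_files(bt->dir, NULL);            /* the only path the flawed cleanup has */
    else if (hardened) {                        /* assumed remedy: remove by name */
        remove_files(queue_dir, "dropped");
        remove_files(queue_dir, "msg");
    }
    bt->alive = 0;                              /* models kfree(bt) without freeing */
}
/* Files still reachable whose private data is gone; each access would be a UAF. */
static int stale_files(void) {
    int n = 0;
    for (int i = 0; i < NFILES; i++) n += fs[i].used && !fs[i].priv->alive;
    return n;
}
int run(int whole_disk, int hardened) {
    struct dir queue_dir = { "queue" }, part_dir = { "part" };
    struct trace bt = { 0 };
    memset(fs, 0, sizeof fs);
    trace_setup(&bt, &queue_dir, whole_disk ? NULL : &part_dir);
    trace_free(&bt, &queue_dir, hardened);
    return stale_files();
}
int main(void) {
    printf("whole disk: flawed=%d hardened=%d; partition: flawed=%d\n", run(1, 0), run(1, 1), run(0, 0));
    return 0;
}
```

Only the whole-disk case leaves stale entries behind, because it is the only case where the files live in a directory the trace does not own.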
Recommendations
To resolve this issue, update the Linux kernel to a version that includes the fix for the blktrace use-after-free vulnerability, which is at least version 5.17.0-rc4-next-20220217+.
As a temporary workaround, consider disabling the blktrace functionality until a patch is available.
Exploit
Fix
Use After Free
Weakness Enumeration
Related Identifiers
Affected Products
Linux Kernel
Red Os
Suse