PT-2024-5796 · Linux+3 · Linux Kernel+3

Published 2024-07-16 · Updated 2026-04-20 · CVE-2022-48846

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 5.18

Description

The issue is a memory leak caused by memory from blkcg_init_queue() not being released after its effective lifetime. A change to blk_cleanup_queue() is responsible: it previously called rq_qos_exit() to release rq qos structures, but rq_qos_exit() was moved into del_gendisk(), resulting in a memory leak for queues without a disk, such as un-present SCSI LUNs or NVMe admin queues. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations

To resolve the issue, update to Linux kernel version 5.18 or later, which includes the fix that moves blkcg_init_queue() and blkcg_exit_queue() into the disk allocation/release handler. For versions prior to 5.18, consider applying the patch that adds rq_qos_exit() to blk_cleanup_queue() to release rq qos structures. As a temporary workaround, consider restricting access to queues without a disk to minimize the risk of exploitation.

Exploit

Fix

Memory Leak

Weakness Enumeration

Related Identifiers

BDU:2024-06529
CVE-2022-48846
OPENSUSE-SU-2024_2947-1
SUSE-SU-2024:2894-1
SUSE-SU-2024:2939-1
SUSE-SU-2024:2947-1

Affected Products

Astra Linux
Linux Kernel
Red Os
Suse