CVE-2022-49901

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A memory leak issue has been identified in the Linux kernel, specifically in the blk-mq module. The leak occurs when the blk mq init allocated queue function is called, and the q->ma ops is set to NULL before blk release queue is called. This results in a kmemleak, causing unreferenced objects to remain in memory. The issue is caused by the failure of blk mq alloc and init hctx when i is not equal to 0, leading to the allocation of hctxs that are not properly cleaned up. The estimated number of potentially affected devices worldwide is not available.

Technical details about exploitation include:

Recommendations To resolve the issue, call blk release queue in the exception path. This will ensure that the hctxs in q->unused hctx list are properly cleaned up, preventing the memory leak. As a temporary workaround, consider disabling the blk mq init allocated queue function until a patch is available. Restrict access to the vulnerable blk-mq module to minimize the risk of exploitation. Avoid using the q->ma ops variable in the affected code path until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.