CVE-2022-50092

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.19.0-rc6

Description A use-after-free issue has been identified in the Linux kernel, specifically in the dm sm register threshold callback function. This issue can be triggered when a metadata commit fails, causing the transaction to be aborted and the metadata space maps to be destroyed. If a DM table reload then happens for this failed thin-pool, a use-after-free will occur. The issue can be reproduced using specific commands, including echoing "offline" to /sys/block/sda/device/state, using dd to write to /dev/mapper/thin, and loading a pool using dmsetup.

Recommendations For Linux kernel versions prior to 5.19.0-rc6, consider updating to a newer version to resolve the issue. As a temporary workaround, consider disabling the dm sm register threshold callback function until a patch is available. Additionally, restrict access to the dm pool register metadata threshold function to minimize the risk of exploitation. Avoid using the dmsetup command with the load pool option until the issue is resolved.