CVE-2022-50530

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw in the block I/O queue management code. Specifically, a null pointer dereference can occur within the blk mq clear rq mapping() function. This issue arises because the set->tags[hctx idx] pointer may not be initialized before being used in the blk mq clear rq mapping() function, leading to a null pointer dereference. The root cause is related to a change introduced by commit 63064be150e4, which combined two separate allocation steps into a single operation. The blk mq alloc map and rqs() function can fail to initialize the tags array element, resulting in a null pointer being passed to blk mq clear rq mapping().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.