CVE-2022-50554

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel’s block management queue (blk-mq) subsystem where a double queue rq() call can occur due to early timeouts. This can be triggered in virtual machine use cases with long vmexit latency or preempt latency of a vCPU pthread, or long page faults within a vCPU pthread. The issue arises when a block I/O request times out before being queued to the hardware, but after blk mq start request() is called during queue rq(). The timeout handler then attempts to requeue the request, leading to the double queue rq() call and potentially a kernel panic. The root cause is a race condition between timeout and completion, which is typically the driver’s responsibility to handle. However, this can be a common problem across multiple drivers and difficult to resolve comprehensively.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.