CVE-2022-49266

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been resolved, related to the block layer and its interaction with the rq-qos (request queue quality of service) subsystem. The issue arose from a change that skipped calling rq qos done bio() for merged bios, leading to confusion in the blk-iocost controller. This caused problems such as intermediate cgroups getting stuck active, preventing their children from being activated. The vulnerability was demonstrated through a benchmark test using resctl-bench, showing poor isolation results without the fix. The issue is resolved by introducing a new flag BIO QOS MERGED to mark merged bios and calling rq qos done bio() on them, and renaming BIO TRACKED to BIO QOS THROTTLED for consistency.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.