CVE-2022-49412

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to the fixed version

Description A vulnerability in the Linux kernel has been identified, which can lead to use-after-free issues. This occurs when the parent of a bfqq changes between the decision to merge two queues and the actual merge operation, potentially resulting in the merge of queues with different parents. This can happen due to various reasons, such as a process submitting IO for a different cgroup, causing the bfqq to be reparented. The issue can lead to use-after-free errors, as seen in the example where the parent cgroup of the bfqq being merged is already offline and being destroyed.

Recommendations For Linux kernel versions prior to the fixed version, the issue can be resolved by applying a patch that checks if the parent of the two bfqqs being merged in bfq setup merge() is the same, thus avoiding the merge of queues with different parents. At the moment, there is no information about a newer version that contains a fix for this vulnerability.