CVE-2022-49465

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use-after-free issue has been identified in the Linux kernel, specifically in the blk-throttle component. This issue occurs when a bio (block I/O request) is throttled and the BIO THROTTLED flag is set after the timer starts. If the bio has already been completed, it may cause a use-after-free error. The issue is related to the blk throtl bio() function and the bio structure. The estimated number of potentially affected devices is not provided.

Recommendations To resolve this issue, apply the fix that moves the BIO THROTTLED set into the queue lock. This change ensures that the BIO THROTTLED flag is set while holding the queue lock, preventing the use-after-free error. As a temporary workaround, consider disabling the blk throtl bio() function until a patch is available. However, this workaround may have performance implications and should be used with caution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.