CVE-2022-49720

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been resolved, related to the handling of offline queues in the blk mq alloc request hctx() function. This issue could trigger an array-index-out-of-bounds error, as indicated by the UBSAN (Undefined Behavior Sanitizer) report, showing an index of 512 being out of range for a 'long unsigned int [512]' type. The error occurs in the block/blk-mq.h file at line 135, column 9. The call trace suggests that this issue is related to the NVMe (Non-Volatile Memory Express) subsystem, specifically involving functions like nvme submit sync cmd() and nvmf connect io queue().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.