CVE-2022-49411
Published: 26 February 2025
Description
In the Linux kernel, the following vulnerability has been resolved:
bfq: Make sure bfqg for which we are queueing requests is online
Bios queued into BFQ IO scheduler can be associated with a cgroup that was already offlined. This may then cause insertion of this bfq_group into a service tree. But this bfq_group will get freed as soon as last bio associated with it is completed leading to use after free issues for service tree users. Fix the problem by making sure we always operate on online bfq_group. If the bfq_group associated with the bio is not online, we pick the first online parent.
Security Summary
CVE-2022-49411 is a use-after-free vulnerability in the Linux kernel's BFQ I/O scheduler. It arises when I/O requests, known as bios, are queued for a bfq_group (bfqg) associated with a cgroup that has already been offlined. This can result in the bfq_group being inserted into a service tree, only for it to be freed upon completion of the last associated bio, leading to use-after-free conditions for service tree users. The issue is classified under CWE-416 with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
A local attacker with low privileges can exploit this vulnerability; attack complexity is low and no user interaction is required. Successful exploitation could have a high impact on confidentiality, integrity, and availability, potentially enabling arbitrary code execution, data corruption, or denial of service through kernel memory corruption.
Mitigation is provided through patches in Linux kernel stable releases, as detailed in the referenced commits (e.g., 075a53b78b815301f8d3dd1ee2cd99554e34f0dd, 51f724bffa3403a5236597e6b75df7329c1ec6e9). These fixes ensure that queuing operations always target online bfq_groups, falling back to the first online parent group if the associated bfq_group is not online. Security practitioners should apply these kernel updates to affected systems.
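The fallback to the first online parent described above, as an added example: a simplified user-space model, not the kernel's BFQ code or the patch from the referenced commits. The struct, the function names and the four-level hierarchy are constructed for illustration, and the model assumes the root group always stays online.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified user-space model; names are hypothetical, not kernel structures. */
struct grp {
    const char *name;
    struct grp *parent;   /* NULL for the root group */
    bool online;          /* cleared when the owning cgroup is offlined */
    int tree_refs;        /* times this group was put into a service tree */
};

/* Constructed hierarchy: root -> parent -> child -> leaf.
 * child and leaf belong to cgroups that have already been offlined. */
static struct grp g_root   = { "root",   NULL,      true,  0 };
static struct grp g_parent = { "parent", &g_root,   true,  0 };
static struct grp g_child  = { "child",  &g_parent, false, 0 };
static struct grp g_leaf   = { "leaf",   &g_child,  false, 0 };

/* Walk up from the group tied to the bio until an online group is found.
 * Returns NULL only if no ancestor is online (assumed not to happen,
 * because the root is assumed to stay online). */
struct grp *first_online_group(struct grp *g)
{
    while (g && !g->online)
        g = g->parent;
    return g;
}

/* Resolve the target before touching any service tree, so an offline
 * group (which goes away with its last bio) is never inserted. */
struct grp *queue_request(struct grp *bio_group)
{
    struct grp *target = first_online_group(bio_group);

    if (target)
        target->tree_refs++;
    return target;
}

int main(void)
{
    struct grp *t = queue_request(&g_leaf);

    printf("bio group: %s, queued on: %s\n", g_leaf.name, t ? t->name : "(none)");
    printf("leaf refs=%d child refs=%d parent refs=%d\n",
           g_leaf.tree_refs, g_child.tree_refs, g_parent.tree_refs);
    return 0;
}
```

In the model, a request tied to the offline `leaf` group is accounted to `parent`, so no service tree ever holds a reference to a group whose lifetime ends with its last bio.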
Details
- CWE(s)