CVE-2022-49694

CVE-2022-49694 is a use-after-free vulnerability (CWE-416) in the Linux kernel's block layer, specifically affecting the elevator interface during disk teardown operations. The issue arises because the elevator disabling and scheduler tag freeing occur in disk_release and blk_cleanup_queue, potentially leading to a use-after-free of q->tag_set when it is no longer valid. This is resolved by moving these operations, along with blk_qos_exit, to the end of del_gendisk to ensure they happen after filesystem requests are stopped and the queue is properly frozen.

A local attacker with low privileges (PR:L) can exploit this vulnerability with low attack complexity (AC:L) and no user interaction required (UI:N), in a local attack vector (AV:L) with unchanged scope (S:U). Successful exploitation can result in high impacts to confidentiality, integrity, and availability (C:H/I:H/A:H), as scored at CVSS 7.8 (CVSS:3.1), potentially allowing arbitrary code execution or system crashes during block device removal.

The provided patch references detail the mitigation: commit 50e34d78815e474d410f342fbe783b18192ca518 and commit f28699fafc047ec33299da01e928c3a0073c5cc6 in the Linux kernel stable tree move the elevator exit, tag_set freeing, and blk_qos_exit to del_gendisk, preventing the use-after-free by ensuring these steps occur after queue freeze and filesystem request cessation. Security practitioners should apply these stable kernel updates to affected systems.