| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025061826-CVE-2022-49995-2d74@gregkh> Date: Wed, 18 Jun 2025 13:01:00 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-49995: writeback: avoid use-after-free after removing device From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: writeback: avoid use-after-free after removing device When a disk is removed, bdi_unregister gets called to stop further writeback and wait for associated delayed work to complete. However, wb_inode_writeback_end() may schedule bandwidth estimation dwork after this has completed, which can result in the timer attempting to access the just freed bdi_writeback. Fix this by checking if the bdi_writeback is alive, similar to when scheduling writeback work. Since this requires wb->work_lock, and wb_inode_writeback_end() may get called from interrupt, switch wb->work_lock to an irqsafe lock. The Linux kernel CVE team has assigned CVE-2022-49995 to this issue. Affected and fixed versions =========================== Issue introduced in 5.15 with commit 45a2966fd64147518dc5bca25f447bd0fb5359ac and fixed in 5.15.64 with commit f96b9f7c1676923bce871e728bb49c0dfa5013cc Issue introduced in 5.15 with commit 45a2966fd64147518dc5bca25f447bd0fb5359ac and fixed in 5.19.6 with commit 9a6c710f3bc10bc9cc23e1c080b53245b7f9d5b7 Issue introduced in 5.15 with commit 45a2966fd64147518dc5bca25f447bd0fb5359ac and fixed in 6.0 with commit f87904c075515f3e1d8f4a7115869d3b914674fd Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49995 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: fs/fs-writeback.c mm/backing-dev.c mm/page-writeback.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/f96b9f7c1676923bce871e728bb49c0dfa5013cc https://git.kernel.org/stable/c/9a6c710f3bc10bc9cc23e1c080b53245b7f9d5b7 https://git.kernel.org/stable/c/f87904c075515f3e1d8f4a7115869d3b914674fd
Powered by blists - more mailing lists