Use-After-Free Vulnerability in Linux Kernel's Block Layer for NVMe Controllers
CVE-2022-50552

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 7 October 2025

What is CVE-2022-50552?

A vulnerability exists in the Linux kernel's block layer, specifically in the handling of NVMe controllers. During the reinitialization of hardware queues, the hctx's run_work can race with the elevator switch, which leads to a use-after-free condition. When this happens, the work may obtain an elevator pointer that is in the process of being torn down, potentially resulting in kernel panics and NULL pointer dereferences. To mitigate this issue, the kernel now uses a quiesced elevator switch during queue reinitialization, ensuring that previous pointers are handled safely and locally.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 63a681bcc32a43528ce0f690569f7f48e59c3963

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 8237c01f1696bc53c470493bf1fe092a107648a6

Timeline

  • Vulnerability published

  • Vulnerability Reserved
