CVE-2022-49694

HIGH

Linux Kernel 5.16-5.18.7 - Use-After-Free in Block Elevator

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: block: disable the elevator int del_gendisk The elevator is only used for file system requests, which are stopped in del_gendisk. Move disabling the elevator and freeing the scheduler tags to the end of del_gendisk instead of doing that work in disk_release and blk_cleanup_queue to avoid a use after free on q->tag_set from disk_release as the tag_set might not be alive at that point. Move the blk_qos_exit call as well, as it just depends on the elevator exit and would be the only reason to keep the not exactly cheap queue freeze in disk_release.

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/f28699fafc047ec33299da01e928c3a0073c5cc6

Patch

https://git.kernel.org/stable/c/50e34d78815e474d410f342fbe783b18192ca518

Scores

CVSS v3 7.8

EPSS 0.0023

EPSS Percentile 13.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-416

Status published

Products (9)

linux/Kernel 5.16.0 - 5.18.8linux

Linux/Linux < 5.16

Linux/Linux 5.16

Linux/Linux 5.18.8 - 5.18.*

Linux/Linux 5.19

Linux/Linux e155b0c238b20f0a866f4334d292656665836c8a - 50e34d78815e474d410f342fbe783b18192ca518

Linux/Linux e155b0c238b20f0a866f4334d292656665836c8a - f28699fafc047ec33299da01e928c3a0073c5cc6

linux/linux_kernel 5.19 rc1 (3 CPE variants)

linux/linux_kernel 5.16 - 5.18.8

Published Feb 26, 2025

Tracked Since Feb 18, 2026