CVE-2022-50530

MEDIUM

Linux Kernel 5.16-6.0.6 - Null Pointer Dereference in blk_mq_clear_rq_mapping

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() Our syzkaller report a null pointer dereference, root cause is following: __blk_mq_alloc_map_and_rqs set->tags[hctx_idx] = blk_mq_alloc_map_and_rqs blk_mq_alloc_map_and_rqs blk_mq_alloc_rqs // failed due to oom alloc_pages_node // set->tags[hctx_idx] is still NULL blk_mq_free_rqs drv_tags = set->tags[hctx_idx]; // null pointer dereference is triggered blk_mq_clear_rq_mapping(drv_tags, ...) This is because commit 63064be150e4 ("blk-mq: Add blk_mq_alloc_map_and_rqs()") merged the two steps: 1) set->tags[hctx_idx] = blk_mq_alloc_rq_map() 2) blk_mq_alloc_rqs(..., set->tags[hctx_idx]) into one step: set->tags[hctx_idx] = blk_mq_alloc_map_and_rqs() Since tags is not initialized yet in this case, fix the problem by checking if tags is NULL pointer in blk_mq_clear_rq_mapping().

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/6a440e6d04431e774dc084abe88c106e2a474c1a

Patch

https://git.kernel.org/stable/c/76dd298094f484c6250ebd076fa53287477b2328

Scores

CVSS v3 5.5

EPSS 0.0013

EPSS Percentile 2.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (9)

linux/Kernel 5.16.0 - 6.0.6linux

Linux/Linux < 5.16

Linux/Linux 5.16

Linux/Linux 6.0.6 - 6.0.*

Linux/Linux 6.1

Linux/Linux 63064be150e4b1ba1e4af594ef5aa81adf21a52d - 6a440e6d04431e774dc084abe88c106e2a474c1a

Linux/Linux 63064be150e4b1ba1e4af594ef5aa81adf21a52d - 76dd298094f484c6250ebd076fa53287477b2328

linux/linux_kernel 6.1 rc1

linux/linux_kernel 5.16 - 6.0.6

Published Oct 07, 2025

Tracked Since Feb 18, 2026