CVE-2022-49786 (GCVE-0-2022-49786)
Vulnerability from cvelistv5
Published
2025-05-01 14:09
Modified
2025-05-04 08:45
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: properly pin the parent in blkcg_css_online blkcg_css_online is supposed to pin the blkcg of the parent, but 397c9f46ee4d refactored things and along the way, changed it to pin the css instead. This results in extra pins, and we end up leaking blkcgs and cgroups.
Impacted products
Vendor Product Version
Linux Linux Version: 397c9f46ee4d99024c64954b007c1b5762d01cb4
Version: 397c9f46ee4d99024c64954b007c1b5762d01cb4
Create a notification for this product.
   Linux Linux Version: 5.19
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "block/blk-cgroup.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d118247e404d6338f7b90636a3c6b95a387ed163",
              "status": "affected",
              "version": "397c9f46ee4d99024c64954b007c1b5762d01cb4",
              "versionType": "git"
            },
            {
              "lessThan": "d7dbd43f4a828fa1d9a8614d5b0ac40aee6375fe",
              "status": "affected",
              "version": "397c9f46ee4d99024c64954b007c1b5762d01cb4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "block/blk-cgroup.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.19"
            },
            {
              "lessThan": "5.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.*",
              "status": "unaffected",
              "version": "6.0.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.10",
                  "versionStartIncluding": "5.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1",
                  "versionStartIncluding": "5.19",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-cgroup: properly pin the parent in blkcg_css_online\n\nblkcg_css_online is supposed to pin the blkcg of the parent, but\n397c9f46ee4d refactored things and along the way, changed it to pin the\ncss instead.  This results in extra pins, and we end up leaking blkcgs\nand cgroups."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:45:20.699Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d118247e404d6338f7b90636a3c6b95a387ed163"
        },
        {
          "url": "https://git.kernel.org/stable/c/d7dbd43f4a828fa1d9a8614d5b0ac40aee6375fe"
        }
      ],
      "title": "blk-cgroup: properly pin the parent in blkcg_css_online",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-49786",
    "datePublished": "2025-05-01T14:09:18.954Z",
    "dateReserved": "2025-05-01T14:05:17.223Z",
    "dateUpdated": "2025-05-04T08:45:20.699Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-49786\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-05-01T15:16:01.813\",\"lastModified\":\"2025-05-02T13:53:20.943\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nblk-cgroup: properly pin the parent in blkcg_css_online\\n\\nblkcg_css_online is supposed to pin the blkcg of the parent, but\\n397c9f46ee4d refactored things and along the way, changed it to pin the\\ncss instead.  This results in extra pins, and we end up leaking blkcgs\\nand cgroups.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: blk-cgroup: fija correctamente el padre en blkcg_css_online. Se supone que blkcg_css_online fija el blkcg del padre, pero 397c9f46ee4d refactoriz\u00f3 las cosas y, de paso, lo modific\u00f3 para fijar el CSS. Esto genera fijaciones adicionales y terminamos filtrando blkcgs y cgroups.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/d118247e404d6338f7b90636a3c6b95a387ed163\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/d7dbd43f4a828fa1d9a8614d5b0ac40aee6375fe\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.


Loading…