ghsa-46q9-g5hq-xpgm
Vulnerability from github
Published
2025-10-01 12:30
Modified
2025-10-01 12:30
Details

In the Linux kernel, the following vulnerability has been resolved:

blk-mq: fix possible memleak when register 'hctx' failed

There's issue as follows when do fault injection test: unreferenced object 0xffff888132a9f400 (size 512): comm "insmod", pid 308021, jiffies 4324277909 (age 509.733s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 08 f4 a9 32 81 88 ff ff ...........2.... 08 f4 a9 32 81 88 ff ff 00 00 00 00 00 00 00 00 ...2............ backtrace: [<00000000e8952bb4>] kmalloc_node_trace+0x22/0xa0 [<00000000f9980e0f>] blk_mq_alloc_and_init_hctx+0x3f1/0x7e0 [<000000002e719efa>] blk_mq_realloc_hw_ctxs+0x1e6/0x230 [<000000004f1fda40>] blk_mq_init_allocated_queue+0x27e/0x910 [<00000000287123ec>] __blk_mq_alloc_disk+0x67/0xf0 [<00000000a2a34657>] 0xffffffffa2ad310f [<00000000b173f718>] 0xffffffffa2af824a [<0000000095a1dabb>] do_one_initcall+0x87/0x2a0 [<00000000f32fdf93>] do_init_module+0xdf/0x320 [<00000000cbe8541e>] load_module+0x3006/0x3390 [<0000000069ed1bdb>] __do_sys_finit_module+0x113/0x1b0 [<00000000a1a29ae8>] do_syscall_64+0x35/0x80 [<000000009cd878b0>] entry_SYSCALL_64_after_hwframe+0x46/0xb0

Fault injection context as follows: kobject_add blk_mq_register_hctx blk_mq_sysfs_register blk_register_queue device_add_disk null_add_dev.part.0 [null_blk]

As 'blk_mq_register_hctx' may already add some objects when failed halfway, but there isn't do fallback, caller don't know which objects add failed. To solve above issue just do fallback when add objects failed halfway in 'blk_mq_register_hctx'.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2022-50434"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-01T12:15:35Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-mq: fix possible memleak when register \u0027hctx\u0027 failed\n\nThere\u0027s issue as follows when do fault injection test:\nunreferenced object 0xffff888132a9f400 (size 512):\n  comm \"insmod\", pid 308021, jiffies 4324277909 (age 509.733s)\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 08 f4 a9 32 81 88 ff ff  ...........2....\n    08 f4 a9 32 81 88 ff ff 00 00 00 00 00 00 00 00  ...2............\n  backtrace:\n    [\u003c00000000e8952bb4\u003e] kmalloc_node_trace+0x22/0xa0\n    [\u003c00000000f9980e0f\u003e] blk_mq_alloc_and_init_hctx+0x3f1/0x7e0\n    [\u003c000000002e719efa\u003e] blk_mq_realloc_hw_ctxs+0x1e6/0x230\n    [\u003c000000004f1fda40\u003e] blk_mq_init_allocated_queue+0x27e/0x910\n    [\u003c00000000287123ec\u003e] __blk_mq_alloc_disk+0x67/0xf0\n    [\u003c00000000a2a34657\u003e] 0xffffffffa2ad310f\n    [\u003c00000000b173f718\u003e] 0xffffffffa2af824a\n    [\u003c0000000095a1dabb\u003e] do_one_initcall+0x87/0x2a0\n    [\u003c00000000f32fdf93\u003e] do_init_module+0xdf/0x320\n    [\u003c00000000cbe8541e\u003e] load_module+0x3006/0x3390\n    [\u003c0000000069ed1bdb\u003e] __do_sys_finit_module+0x113/0x1b0\n    [\u003c00000000a1a29ae8\u003e] do_syscall_64+0x35/0x80\n    [\u003c000000009cd878b0\u003e] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nFault injection context as follows:\n kobject_add\n blk_mq_register_hctx\n blk_mq_sysfs_register\n blk_register_queue\n device_add_disk\n null_add_dev.part.0 [null_blk]\n\nAs \u0027blk_mq_register_hctx\u0027 may already add some objects when failed halfway,\nbut there isn\u0027t do fallback, caller don\u0027t know which objects add failed.\nTo solve above issue just do fallback when add objects failed halfway in\n\u0027blk_mq_register_hctx\u0027.",
  "id": "GHSA-46q9-g5hq-xpgm",
  "modified": "2025-10-01T12:30:28Z",
  "published": "2025-10-01T12:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50434"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/02bc8bc6eab03c84373281b85cb6e98747172ff7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/33e8a3f61814ea30615d0fafaf50477975d6c1ca"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4b7a21c57b14fbcd0e1729150189e5933f5088e9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4b7fafa5f39b15c3a6ca3b95e534d05d6904cc95"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/654870789c3c1b9763316ef1c71d7a449127b175"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/87fd18016a47ea8ae12641377a390172c4aa97a7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cb186eb47fb9dd327bdefa15f0c5fc55c53a40dd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e8022da1fa2fdf2fa204b445dd3354e7a66d085a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/eff45bfbc25a2509a6362dea6e699e14083c693c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.