Vulnerability-Lookup

SUSE-SU-2025:02090-1

Vulnerability from csaf_suse - Published: 2025-06-24 12:34 - Updated: 2025-06-24 12:34

Summary

Security update for the Linux Kernel (Live Patch 65 for SLE 12 SP5)

Severity

Important

Notes

Title of the patch: Security update for the Linux Kernel (Live Patch 65 for SLE 12 SP5)

Description of the patch: This update for the Linux Kernel 4.12.14-122_247 fixes several issues. The following security issues were fixed: - CVE-2022-49545: ALSA: usb-audio: Cancel pending work at closing a MIDI substream (bsc#1238730). - CVE-2022-49179: block, bfq: do not move oom_bfqq (bsc#1241331).

Patchnames: SUSE-2025-2090,SUSE-SLE-Live-Patching-12-SP5-2025-2090

CVE-2022-49179

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2022-49545

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

References

URL

Category

	https://www.suse.com/support/security/rating/	external
	https://ftp.suse.com/pub/projects/security/csaf/s…	self
	https://www.suse.com/support/update/announcement/…	self
	https://lists.suse.com/pipermail/sle-updates/2025…	self
	https://bugzilla.suse.com/1238730	self
	https://bugzilla.suse.com/1241331	self
	https://www.suse.com/security/cve/CVE-2022-49179/	self
	https://www.suse.com/security/cve/CVE-2022-49545/	self
	https://www.suse.com/security/cve/CVE-2022-49179	external
	https://bugzilla.suse.com/1238092	external
	https://www.suse.com/security/cve/CVE-2022-49545	external
	https://bugzilla.suse.com/1238729	external
	https://bugzilla.suse.com/1238730	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for the Linux Kernel (Live Patch 65 for SLE 12 SP5)",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for the Linux Kernel 4.12.14-122_247 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2022-49545: ALSA: usb-audio: Cancel pending work at closing a MIDI substream (bsc#1238730).\n- CVE-2022-49179: block, bfq: do not move oom_bfqq (bsc#1241331).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2025-2090,SUSE-SLE-Live-Patching-12-SP5-2025-2090",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02090-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2025:02090-1",
        "url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502090-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2025:02090-1",
        "url": "https://lists.suse.com/pipermail/sle-updates/2025-June/040455.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1238730",
        "url": "https://bugzilla.suse.com/1238730"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241331",
        "url": "https://bugzilla.suse.com/1241331"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-49179 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-49179/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-49545 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-49545/"
      }
    ],
    "title": "Security update for the Linux Kernel (Live Patch 65 for SLE 12 SP5)",
    "tracking": {
      "current_release_date": "2025-06-24T12:34:03Z",
      "generator": {
        "date": "2025-06-24T12:34:03Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2025:02090-1",
      "initial_release_date": "2025-06-24T12:34:03Z",
      "revision_history": [
        {
          "date": "2025-06-24T12:34:03Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kgraft-patch-4_12_14-122_247-default-3-2.1.ppc64le",
                "product": {
                  "name": "kgraft-patch-4_12_14-122_247-default-3-2.1.ppc64le",
                  "product_id": "kgraft-patch-4_12_14-122_247-default-3-2.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kgraft-patch-4_12_14-122_247-default-3-2.1.s390x",
                "product": {
                  "name": "kgraft-patch-4_12_14-122_247-default-3-2.1.s390x",
                  "product_id": "kgraft-patch-4_12_14-122_247-default-3-2.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kgraft-patch-4_12_14-122_247-default-3-2.1.x86_64",
                "product": {
                  "name": "kgraft-patch-4_12_14-122_247-default-3-2.1.x86_64",
                  "product_id": "kgraft-patch-4_12_14-122_247-default-3-2.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Live Patching 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Live Patching 12 SP5",
                  "product_id": "SUSE Linux Enterprise Live Patching 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-live-patching:12:sp5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_12_14-122_247-default-3-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP5",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-3-2.1.ppc64le"
        },
        "product_reference": "kgraft-patch-4_12_14-122_247-default-3-2.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_12_14-122_247-default-3-2.1.s390x as component of SUSE Linux Enterprise Live Patching 12 SP5",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-3-2.1.s390x"
        },
        "product_reference": "kgraft-patch-4_12_14-122_247-default-3-2.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_12_14-122_247-default-3-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP5",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-3-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_12_14-122_247-default-3-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-49179",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-49179"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock, bfq: don\u0027t move oom_bfqq\n\nOur test report a UAF:\n\n[ 2073.019181] ==================================================================\n[ 2073.019188] BUG: KASAN: use-after-free in __bfq_put_async_bfqq+0xa0/0x168\n[ 2073.019191] Write of size 8 at addr ffff8000ccf64128 by task rmmod/72584\n[ 2073.019192]\n[ 2073.019196] CPU: 0 PID: 72584 Comm: rmmod Kdump: loaded Not tainted 4.19.90-yk #5\n[ 2073.019198] Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015\n[ 2073.019200] Call trace:\n[ 2073.019203]  dump_backtrace+0x0/0x310\n[ 2073.019206]  show_stack+0x28/0x38\n[ 2073.019210]  dump_stack+0xec/0x15c\n[ 2073.019216]  print_address_description+0x68/0x2d0\n[ 2073.019220]  kasan_report+0x238/0x2f0\n[ 2073.019224]  __asan_store8+0x88/0xb0\n[ 2073.019229]  __bfq_put_async_bfqq+0xa0/0x168\n[ 2073.019233]  bfq_put_async_queues+0xbc/0x208\n[ 2073.019236]  bfq_pd_offline+0x178/0x238\n[ 2073.019240]  blkcg_deactivate_policy+0x1f0/0x420\n[ 2073.019244]  bfq_exit_queue+0x128/0x178\n[ 2073.019249]  blk_mq_exit_sched+0x12c/0x160\n[ 2073.019252]  elevator_exit+0xc8/0xd0\n[ 2073.019256]  blk_exit_queue+0x50/0x88\n[ 2073.019259]  blk_cleanup_queue+0x228/0x3d8\n[ 2073.019267]  null_del_dev+0xfc/0x1e0 [null_blk]\n[ 2073.019274]  null_exit+0x90/0x114 [null_blk]\n[ 2073.019278]  __arm64_sys_delete_module+0x358/0x5a0\n[ 2073.019282]  el0_svc_common+0xc8/0x320\n[ 2073.019287]  el0_svc_handler+0xf8/0x160\n[ 2073.019290]  el0_svc+0x10/0x218\n[ 2073.019291]\n[ 2073.019294] Allocated by task 14163:\n[ 2073.019301]  kasan_kmalloc+0xe0/0x190\n[ 2073.019305]  kmem_cache_alloc_node_trace+0x1cc/0x418\n[ 2073.019308]  bfq_pd_alloc+0x54/0x118\n[ 2073.019313]  blkcg_activate_policy+0x250/0x460\n[ 2073.019317]  bfq_create_group_hierarchy+0x38/0x110\n[ 2073.019321]  bfq_init_queue+0x6d0/0x948\n[ 2073.019325]  blk_mq_init_sched+0x1d8/0x390\n[ 2073.019330]  elevator_switch_mq+0x88/0x170\n[ 2073.019334]  elevator_switch+0x140/0x270\n[ 2073.019338]  elv_iosched_store+0x1a4/0x2a0\n[ 2073.019342]  queue_attr_store+0x90/0xe0\n[ 2073.019348]  sysfs_kf_write+0xa8/0xe8\n[ 2073.019351]  kernfs_fop_write+0x1f8/0x378\n[ 2073.019359]  __vfs_write+0xe0/0x360\n[ 2073.019363]  vfs_write+0xf0/0x270\n[ 2073.019367]  ksys_write+0xdc/0x1b8\n[ 2073.019371]  __arm64_sys_write+0x50/0x60\n[ 2073.019375]  el0_svc_common+0xc8/0x320\n[ 2073.019380]  el0_svc_handler+0xf8/0x160\n[ 2073.019383]  el0_svc+0x10/0x218\n[ 2073.019385]\n[ 2073.019387] Freed by task 72584:\n[ 2073.019391]  __kasan_slab_free+0x120/0x228\n[ 2073.019394]  kasan_slab_free+0x10/0x18\n[ 2073.019397]  kfree+0x94/0x368\n[ 2073.019400]  bfqg_put+0x64/0xb0\n[ 2073.019404]  bfqg_and_blkg_put+0x90/0xb0\n[ 2073.019408]  bfq_put_queue+0x220/0x228\n[ 2073.019413]  __bfq_put_async_bfqq+0x98/0x168\n[ 2073.019416]  bfq_put_async_queues+0xbc/0x208\n[ 2073.019420]  bfq_pd_offline+0x178/0x238\n[ 2073.019424]  blkcg_deactivate_policy+0x1f0/0x420\n[ 2073.019429]  bfq_exit_queue+0x128/0x178\n[ 2073.019433]  blk_mq_exit_sched+0x12c/0x160\n[ 2073.019437]  elevator_exit+0xc8/0xd0\n[ 2073.019440]  blk_exit_queue+0x50/0x88\n[ 2073.019443]  blk_cleanup_queue+0x228/0x3d8\n[ 2073.019451]  null_del_dev+0xfc/0x1e0 [null_blk]\n[ 2073.019459]  null_exit+0x90/0x114 [null_blk]\n[ 2073.019462]  __arm64_sys_delete_module+0x358/0x5a0\n[ 2073.019467]  el0_svc_common+0xc8/0x320\n[ 2073.019471]  el0_svc_handler+0xf8/0x160\n[ 2073.019474]  el0_svc+0x10/0x218\n[ 2073.019475]\n[ 2073.019479] The buggy address belongs to the object at ffff8000ccf63f00\n which belongs to the cache kmalloc-1024 of size 1024\n[ 2073.019484] The buggy address is located 552 bytes inside of\n 1024-byte region [ffff8000ccf63f00, ffff8000ccf64300)\n[ 2073.019486] The buggy address belongs to the page:\n[ 2073.019492] page:ffff7e000333d800 count:1 mapcount:0 mapping:ffff8000c0003a00 index:0x0 compound_mapcount: 0\n[ 2073.020123] flags: 0x7ffff0000008100(slab|head)\n[ 2073.020403] raw: 07ffff0000008100 ffff7e0003334c08 ffff7e00001f5a08 ffff8000c0003a00\n[ 2073.020409] ra\n---truncated---",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-3-2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-3-2.1.s390x",
          "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-3-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-49179",
          "url": "https://www.suse.com/security/cve/CVE-2022-49179"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1238092 for CVE-2022-49179",
          "url": "https://bugzilla.suse.com/1238092"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-3-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-3-2.1.s390x",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-3-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-3-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-3-2.1.s390x",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-3-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-24T12:34:03Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-49179"
    },
    {
      "cve": "CVE-2022-49545",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-49545"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Cancel pending work at closing a MIDI substream\n\nAt closing a USB MIDI output substream, there might be still a pending\nwork, which would eventually access the rawmidi runtime object that is\nbeing released.  For fixing the race, make sure to cancel the pending\nwork at closing.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-3-2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-3-2.1.s390x",
          "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-3-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-49545",
          "url": "https://www.suse.com/security/cve/CVE-2022-49545"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1238729 for CVE-2022-49545",
          "url": "https://bugzilla.suse.com/1238729"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1238730 for CVE-2022-49545",
          "url": "https://bugzilla.suse.com/1238730"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-3-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-3-2.1.s390x",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-3-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-3-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-3-2.1.s390x",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-3-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-24T12:34:03Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-49545"
    }
  ]
}

CVE-2022-49179 (GCVE-0-2022-49179)

Vulnerability from cvelistv5 – Published: 2025-02-26 01:55 – Updated: 2025-05-04 08:31

Title

block, bfq: don't move oom_bfqq

Summary

In the Linux kernel, the following vulnerability has been resolved: block, bfq: don't move oom_bfqq Our test report a UAF: [ 2073.019181] ================================================================== [ 2073.019188] BUG: KASAN: use-after-free in __bfq_put_async_bfqq+0xa0/0x168 [ 2073.019191] Write of size 8 at addr ffff8000ccf64128 by task rmmod/72584 [ 2073.019192] [ 2073.019196] CPU: 0 PID: 72584 Comm: rmmod Kdump: loaded Not tainted 4.19.90-yk #5 [ 2073.019198] Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015 [ 2073.019200] Call trace: [ 2073.019203] dump_backtrace+0x0/0x310 [ 2073.019206] show_stack+0x28/0x38 [ 2073.019210] dump_stack+0xec/0x15c [ 2073.019216] print_address_description+0x68/0x2d0 [ 2073.019220] kasan_report+0x238/0x2f0 [ 2073.019224] __asan_store8+0x88/0xb0 [ 2073.019229] __bfq_put_async_bfqq+0xa0/0x168 [ 2073.019233] bfq_put_async_queues+0xbc/0x208 [ 2073.019236] bfq_pd_offline+0x178/0x238 [ 2073.019240] blkcg_deactivate_policy+0x1f0/0x420 [ 2073.019244] bfq_exit_queue+0x128/0x178 [ 2073.019249] blk_mq_exit_sched+0x12c/0x160 [ 2073.019252] elevator_exit+0xc8/0xd0 [ 2073.019256] blk_exit_queue+0x50/0x88 [ 2073.019259] blk_cleanup_queue+0x228/0x3d8 [ 2073.019267] null_del_dev+0xfc/0x1e0 [null_blk] [ 2073.019274] null_exit+0x90/0x114 [null_blk] [ 2073.019278] __arm64_sys_delete_module+0x358/0x5a0 [ 2073.019282] el0_svc_common+0xc8/0x320 [ 2073.019287] el0_svc_handler+0xf8/0x160 [ 2073.019290] el0_svc+0x10/0x218 [ 2073.019291] [ 2073.019294] Allocated by task 14163: [ 2073.019301] kasan_kmalloc+0xe0/0x190 [ 2073.019305] kmem_cache_alloc_node_trace+0x1cc/0x418 [ 2073.019308] bfq_pd_alloc+0x54/0x118 [ 2073.019313] blkcg_activate_policy+0x250/0x460 [ 2073.019317] bfq_create_group_hierarchy+0x38/0x110 [ 2073.019321] bfq_init_queue+0x6d0/0x948 [ 2073.019325] blk_mq_init_sched+0x1d8/0x390 [ 2073.019330] elevator_switch_mq+0x88/0x170 [ 2073.019334] elevator_switch+0x140/0x270 [ 2073.019338] elv_iosched_store+0x1a4/0x2a0 [ 2073.019342] queue_attr_store+0x90/0xe0 [ 2073.019348] sysfs_kf_write+0xa8/0xe8 [ 2073.019351] kernfs_fop_write+0x1f8/0x378 [ 2073.019359] __vfs_write+0xe0/0x360 [ 2073.019363] vfs_write+0xf0/0x270 [ 2073.019367] ksys_write+0xdc/0x1b8 [ 2073.019371] __arm64_sys_write+0x50/0x60 [ 2073.019375] el0_svc_common+0xc8/0x320 [ 2073.019380] el0_svc_handler+0xf8/0x160 [ 2073.019383] el0_svc+0x10/0x218 [ 2073.019385] [ 2073.019387] Freed by task 72584: [ 2073.019391] __kasan_slab_free+0x120/0x228 [ 2073.019394] kasan_slab_free+0x10/0x18 [ 2073.019397] kfree+0x94/0x368 [ 2073.019400] bfqg_put+0x64/0xb0 [ 2073.019404] bfqg_and_blkg_put+0x90/0xb0 [ 2073.019408] bfq_put_queue+0x220/0x228 [ 2073.019413] __bfq_put_async_bfqq+0x98/0x168 [ 2073.019416] bfq_put_async_queues+0xbc/0x208 [ 2073.019420] bfq_pd_offline+0x178/0x238 [ 2073.019424] blkcg_deactivate_policy+0x1f0/0x420 [ 2073.019429] bfq_exit_queue+0x128/0x178 [ 2073.019433] blk_mq_exit_sched+0x12c/0x160 [ 2073.019437] elevator_exit+0xc8/0xd0 [ 2073.019440] blk_exit_queue+0x50/0x88 [ 2073.019443] blk_cleanup_queue+0x228/0x3d8 [ 2073.019451] null_del_dev+0xfc/0x1e0 [null_blk] [ 2073.019459] null_exit+0x90/0x114 [null_blk] [ 2073.019462] __arm64_sys_delete_module+0x358/0x5a0 [ 2073.019467] el0_svc_common+0xc8/0x320 [ 2073.019471] el0_svc_handler+0xf8/0x160 [ 2073.019474] el0_svc+0x10/0x218 [ 2073.019475] [ 2073.019479] The buggy address belongs to the object at ffff8000ccf63f00 which belongs to the cache kmalloc-1024 of size 1024 [ 2073.019484] The buggy address is located 552 bytes inside of 1024-byte region [ffff8000ccf63f00, ffff8000ccf64300) [ 2073.019486] The buggy address belongs to the page: [ 2073.019492] page:ffff7e000333d800 count:1 mapcount:0 mapping:ffff8000c0003a00 index:0x0 compound_mapcount: 0 [ 2073.020123] flags: 0x7ffff0000008100(slab|head) [ 2073.020403] raw: 07ffff0000008100 ffff7e0003334c08 ffff7e00001f5a08 ffff8000c0003a00 [ 2073.020409] ra ---truncated---

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/c4f5a678add58a8a0…
	https://git.kernel.org/stable/c/7507ead1e9d42957c…
	https://git.kernel.org/stable/c/8f34dea99cd776115…
	https://git.kernel.org/stable/c/87fdfe8589d43e471…
	https://git.kernel.org/stable/c/c01fced8d38fbccc8…
	https://git.kernel.org/stable/c/8410f70977734f21b…

Impacted products

Vendor

Product

Version

Linux

Affected: aee69d78dec0ffdf82e35d57c626e80dddc314d5 , < c4f5a678add58a8a0e7ee5e038496b376ea6d205 (git)
Affected: aee69d78dec0ffdf82e35d57c626e80dddc314d5 , < 7507ead1e9d42957c2340f2c4a0e9d00034e3366 (git)
Affected: aee69d78dec0ffdf82e35d57c626e80dddc314d5 , < 8f34dea99cd7761156a146a5258a67d045d862f7 (git)
Affected: aee69d78dec0ffdf82e35d57c626e80dddc314d5 , < 87fdfe8589d43e471dffb4c60f75eeb6f37afc4c (git)
Affected: aee69d78dec0ffdf82e35d57c626e80dddc314d5 , < c01fced8d38fbccc82787065229578006f28e020 (git)
Affected: aee69d78dec0ffdf82e35d57c626e80dddc314d5 , < 8410f70977734f21b8ed45c37e925d311dfda2e7 (git)

Linux

Affected: 4.12
Unaffected: 0 , < 4.12 (semver)
Unaffected: 5.4.189 , ≤ 5.4.* (semver)
Unaffected: 5.10.110 , ≤ 5.10.* (semver)
Unaffected: 5.15.33 , ≤ 5.15.* (semver)
Unaffected: 5.16.19 , ≤ 5.16.* (semver)
Unaffected: 5.17.2 , ≤ 5.17.* (semver)
Unaffected: 5.18 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-49179",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-27T17:59:03.662860Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-27T18:02:29.552Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "block/bfq-cgroup.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c4f5a678add58a8a0e7ee5e038496b376ea6d205",
              "status": "affected",
              "version": "aee69d78dec0ffdf82e35d57c626e80dddc314d5",
              "versionType": "git"
            },
            {
              "lessThan": "7507ead1e9d42957c2340f2c4a0e9d00034e3366",
              "status": "affected",
              "version": "aee69d78dec0ffdf82e35d57c626e80dddc314d5",
              "versionType": "git"
            },
            {
              "lessThan": "8f34dea99cd7761156a146a5258a67d045d862f7",
              "status": "affected",
              "version": "aee69d78dec0ffdf82e35d57c626e80dddc314d5",
              "versionType": "git"
            },
            {
              "lessThan": "87fdfe8589d43e471dffb4c60f75eeb6f37afc4c",
              "status": "affected",
              "version": "aee69d78dec0ffdf82e35d57c626e80dddc314d5",
              "versionType": "git"
            },
            {
              "lessThan": "c01fced8d38fbccc82787065229578006f28e020",
              "status": "affected",
              "version": "aee69d78dec0ffdf82e35d57c626e80dddc314d5",
              "versionType": "git"
            },
            {
              "lessThan": "8410f70977734f21b8ed45c37e925d311dfda2e7",
              "status": "affected",
              "version": "aee69d78dec0ffdf82e35d57c626e80dddc314d5",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "block/bfq-cgroup.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.12"
            },
            {
              "lessThan": "4.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.189",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.110",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.16.*",
              "status": "unaffected",
              "version": "5.16.19",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.17.*",
              "status": "unaffected",
              "version": "5.17.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.18",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.189",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.110",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.33",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.16.19",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.17.2",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.18",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock, bfq: don\u0027t move oom_bfqq\n\nOur test report a UAF:\n\n[ 2073.019181] ==================================================================\n[ 2073.019188] BUG: KASAN: use-after-free in __bfq_put_async_bfqq+0xa0/0x168\n[ 2073.019191] Write of size 8 at addr ffff8000ccf64128 by task rmmod/72584\n[ 2073.019192]\n[ 2073.019196] CPU: 0 PID: 72584 Comm: rmmod Kdump: loaded Not tainted 4.19.90-yk #5\n[ 2073.019198] Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015\n[ 2073.019200] Call trace:\n[ 2073.019203]  dump_backtrace+0x0/0x310\n[ 2073.019206]  show_stack+0x28/0x38\n[ 2073.019210]  dump_stack+0xec/0x15c\n[ 2073.019216]  print_address_description+0x68/0x2d0\n[ 2073.019220]  kasan_report+0x238/0x2f0\n[ 2073.019224]  __asan_store8+0x88/0xb0\n[ 2073.019229]  __bfq_put_async_bfqq+0xa0/0x168\n[ 2073.019233]  bfq_put_async_queues+0xbc/0x208\n[ 2073.019236]  bfq_pd_offline+0x178/0x238\n[ 2073.019240]  blkcg_deactivate_policy+0x1f0/0x420\n[ 2073.019244]  bfq_exit_queue+0x128/0x178\n[ 2073.019249]  blk_mq_exit_sched+0x12c/0x160\n[ 2073.019252]  elevator_exit+0xc8/0xd0\n[ 2073.019256]  blk_exit_queue+0x50/0x88\n[ 2073.019259]  blk_cleanup_queue+0x228/0x3d8\n[ 2073.019267]  null_del_dev+0xfc/0x1e0 [null_blk]\n[ 2073.019274]  null_exit+0x90/0x114 [null_blk]\n[ 2073.019278]  __arm64_sys_delete_module+0x358/0x5a0\n[ 2073.019282]  el0_svc_common+0xc8/0x320\n[ 2073.019287]  el0_svc_handler+0xf8/0x160\n[ 2073.019290]  el0_svc+0x10/0x218\n[ 2073.019291]\n[ 2073.019294] Allocated by task 14163:\n[ 2073.019301]  kasan_kmalloc+0xe0/0x190\n[ 2073.019305]  kmem_cache_alloc_node_trace+0x1cc/0x418\n[ 2073.019308]  bfq_pd_alloc+0x54/0x118\n[ 2073.019313]  blkcg_activate_policy+0x250/0x460\n[ 2073.019317]  bfq_create_group_hierarchy+0x38/0x110\n[ 2073.019321]  bfq_init_queue+0x6d0/0x948\n[ 2073.019325]  blk_mq_init_sched+0x1d8/0x390\n[ 2073.019330]  elevator_switch_mq+0x88/0x170\n[ 2073.019334]  elevator_switch+0x140/0x270\n[ 2073.019338]  elv_iosched_store+0x1a4/0x2a0\n[ 2073.019342]  queue_attr_store+0x90/0xe0\n[ 2073.019348]  sysfs_kf_write+0xa8/0xe8\n[ 2073.019351]  kernfs_fop_write+0x1f8/0x378\n[ 2073.019359]  __vfs_write+0xe0/0x360\n[ 2073.019363]  vfs_write+0xf0/0x270\n[ 2073.019367]  ksys_write+0xdc/0x1b8\n[ 2073.019371]  __arm64_sys_write+0x50/0x60\n[ 2073.019375]  el0_svc_common+0xc8/0x320\n[ 2073.019380]  el0_svc_handler+0xf8/0x160\n[ 2073.019383]  el0_svc+0x10/0x218\n[ 2073.019385]\n[ 2073.019387] Freed by task 72584:\n[ 2073.019391]  __kasan_slab_free+0x120/0x228\n[ 2073.019394]  kasan_slab_free+0x10/0x18\n[ 2073.019397]  kfree+0x94/0x368\n[ 2073.019400]  bfqg_put+0x64/0xb0\n[ 2073.019404]  bfqg_and_blkg_put+0x90/0xb0\n[ 2073.019408]  bfq_put_queue+0x220/0x228\n[ 2073.019413]  __bfq_put_async_bfqq+0x98/0x168\n[ 2073.019416]  bfq_put_async_queues+0xbc/0x208\n[ 2073.019420]  bfq_pd_offline+0x178/0x238\n[ 2073.019424]  blkcg_deactivate_policy+0x1f0/0x420\n[ 2073.019429]  bfq_exit_queue+0x128/0x178\n[ 2073.019433]  blk_mq_exit_sched+0x12c/0x160\n[ 2073.019437]  elevator_exit+0xc8/0xd0\n[ 2073.019440]  blk_exit_queue+0x50/0x88\n[ 2073.019443]  blk_cleanup_queue+0x228/0x3d8\n[ 2073.019451]  null_del_dev+0xfc/0x1e0 [null_blk]\n[ 2073.019459]  null_exit+0x90/0x114 [null_blk]\n[ 2073.019462]  __arm64_sys_delete_module+0x358/0x5a0\n[ 2073.019467]  el0_svc_common+0xc8/0x320\n[ 2073.019471]  el0_svc_handler+0xf8/0x160\n[ 2073.019474]  el0_svc+0x10/0x218\n[ 2073.019475]\n[ 2073.019479] The buggy address belongs to the object at ffff8000ccf63f00\n which belongs to the cache kmalloc-1024 of size 1024\n[ 2073.019484] The buggy address is located 552 bytes inside of\n 1024-byte region [ffff8000ccf63f00, ffff8000ccf64300)\n[ 2073.019486] The buggy address belongs to the page:\n[ 2073.019492] page:ffff7e000333d800 count:1 mapcount:0 mapping:ffff8000c0003a00 index:0x0 compound_mapcount: 0\n[ 2073.020123] flags: 0x7ffff0000008100(slab|head)\n[ 2073.020403] raw: 07ffff0000008100 ffff7e0003334c08 ffff7e00001f5a08 ffff8000c0003a00\n[ 2073.020409] ra\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:31:42.491Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c4f5a678add58a8a0e7ee5e038496b376ea6d205"
        },
        {
          "url": "https://git.kernel.org/stable/c/7507ead1e9d42957c2340f2c4a0e9d00034e3366"
        },
        {
          "url": "https://git.kernel.org/stable/c/8f34dea99cd7761156a146a5258a67d045d862f7"
        },
        {
          "url": "https://git.kernel.org/stable/c/87fdfe8589d43e471dffb4c60f75eeb6f37afc4c"
        },
        {
          "url": "https://git.kernel.org/stable/c/c01fced8d38fbccc82787065229578006f28e020"
        },
        {
          "url": "https://git.kernel.org/stable/c/8410f70977734f21b8ed45c37e925d311dfda2e7"
        }
      ],
      "title": "block, bfq: don\u0027t move oom_bfqq",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-49179",
    "datePublished": "2025-02-26T01:55:32.100Z",
    "dateReserved": "2025-02-26T01:49:39.281Z",
    "dateUpdated": "2025-05-04T08:31:42.491Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-49545 (GCVE-0-2022-49545)

Vulnerability from cvelistv5 – Published: 2025-02-26 02:13 – Updated: 2025-12-23 13:24

Title

ALSA: usb-audio: Cancel pending work at closing a MIDI substream

Summary

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Cancel pending work at closing a MIDI substream At closing a USB MIDI output substream, there might be still a pending work, which would eventually access the rawmidi runtime object that is being released. For fixing the race, make sure to cancel the pending work at closing.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

SUSE-SU-2025:02090-1

CVE-2022-49179 (GCVE-0-2022-49179)

CVE-2022-49545 (GCVE-0-2022-49545)

Tags

Sightings

Nomenclature