In the Linux kernel, the following vulnerability has been resolved:
block: release rq qos structures for queue without disk
blkcginitqueue() may add rq qos structures to request queue, previously blkcleanupqueue() calls rqqosexit() to release them, but commit 8e141f9eb803 ("block: drain file system I/O on delgendisk") moves rqqosexit() into delgendisk(), so memory leak is caused because queues may not have disk, such as un-present scsi luns, nvme admin queue, ...
Fixes the issue by adding rqqosexit() to blkcleanupqueue() back.
BTW, v5.18 won't need this patch any more since we move blkcginitqueue()/blkcgexitqueue() into disk allocation/release handler, and patches have been in for-5.18/block.