In the Linux kernel, the following vulnerability has been resolved:
block: Fix handling of offline queues in blkmqallocrequesthctx()
This patch prevents that test nvme/004 triggers the following:
UBSAN: array-index-out-of-bounds in block/blk-mq.h:135:9 index 512 is out of range for type 'long unsigned int [512]' Call Trace: showstack+0x52/0x58 dumpstacklvl+0x49/0x5e dumpstack+0x10/0x12 ubsanepilogue+0x9/0x3b _ubsanhandleoutofbounds.cold+0x44/0x49 blkmqallocrequesthctx+0x304/0x310 _nvmesubmitsynccmd+0x70/0x200 [nvmecore] nvmfconnectioqueue+0x23e/0x2a0 [nvmefabrics] nvmeloopconnectioqueues+0x8d/0xb0 [nvmeloop] nvmeloopcreatectrl+0x58e/0x7d0 [nvmeloop] nvmfcreatectrl+0x1d7/0x4d0 [nvmefabrics] nvmfdevwrite+0xae/0x111 [nvmefabrics] vfswrite+0x144/0x560 ksyswrite+0xb7/0x140 _x64syswrite+0x42/0x50 dosyscall64+0x35/0x80 entrySYSCALL64after_hwframe+0x44/0xae
{ "vanir_signatures": [ { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b202a0bd2580ee5b0453772c46d464152fafff73", "signature_type": "Function", "target": { "function": "blk_mq_alloc_request_hctx", "file": "block/blk-mq.c" }, "deprecated": false, "digest": { "length": 1093.0, "function_hash": "238601602800878957389631467227161787292" }, "id": "CVE-2022-49720-0d5b5dad" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@14dc7a18abbe4176f5626c13c333670da8e06aa1", "signature_type": "Line", "target": { "file": "block/blk-mq.c" }, "deprecated": false, "digest": { "line_hashes": [ "215550995606810123331566987033104639702", "46765092363884390795710142237505141050", "337371794124370868918279009183147200080", "97523806707997086942306438190604727380" ], "threshold": 0.9 }, "id": "CVE-2022-49720-31810d6b" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b5e65ef044d627effdc2599040b6d204e003f955", "signature_type": "Function", "target": { "function": "blk_mq_alloc_request_hctx", "file": "block/blk-mq.c" }, "deprecated": false, "digest": { "length": 1012.0, "function_hash": "23254047003897621175315211822804340825" }, "id": "CVE-2022-49720-53548b5b" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7fa28a7c3d74933a4fc22d341b60927952f31c19", "signature_type": "Function", "target": { "function": "blk_mq_alloc_request_hctx", "file": "block/blk-mq.c" }, "deprecated": false, "digest": { "length": 1012.0, "function_hash": "23254047003897621175315211822804340825" }, "id": "CVE-2022-49720-638b4430" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b5e65ef044d627effdc2599040b6d204e003f955", "signature_type": "Line", "target": { "file": "block/blk-mq.c" }, "deprecated": false, "digest": { "line_hashes": [ "239121458389819468876916437418681647729", "46765092363884390795710142237505141050", "337371794124370868918279009183147200080", "97523806707997086942306438190604727380" ], "threshold": 0.9 }, "id": "CVE-2022-49720-7e148dae" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b202a0bd2580ee5b0453772c46d464152fafff73", "signature_type": "Line", "target": { "file": "block/blk-mq.c" }, "deprecated": false, "digest": { "line_hashes": [ "215550995606810123331566987033104639702", "46765092363884390795710142237505141050", "337371794124370868918279009183147200080", "97523806707997086942306438190604727380" ], "threshold": 0.9 }, "id": "CVE-2022-49720-a4edd67b" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@14dc7a18abbe4176f5626c13c333670da8e06aa1", "signature_type": "Function", "target": { "function": "blk_mq_alloc_request_hctx", "file": "block/blk-mq.c" }, "deprecated": false, "digest": { "length": 1093.0, "function_hash": "238601602800878957389631467227161787292" }, "id": "CVE-2022-49720-ca7a359f" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7fa28a7c3d74933a4fc22d341b60927952f31c19", "signature_type": "Line", "target": { "file": "block/blk-mq.c" }, "deprecated": false, "digest": { "line_hashes": [ "239121458389819468876916437418681647729", "46765092363884390795710142237505141050", "337371794124370868918279009183147200080", "97523806707997086942306438190604727380" ], "threshold": 0.9 }, "id": "CVE-2022-49720-faee8bb2" } ] }