CVE-2022-50064

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-50064
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50064.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-50064
Downstream
Published
2025-06-18T11:02:11.276Z
Modified
2026-03-11T08:54:20.088271Z
Summary
virtio-blk: Avoid use-after-free on suspend/resume
Details

In the Linux kernel, the following vulnerability has been resolved:

virtio-blk: Avoid use-after-free on suspend/resume

hctx->userdata is set to vq in virtblkinithctx(). However, vq is freed on suspend and reallocated on resume. So, hctx->userdata is invalid after resume, and it will cause use-after-free accessing which will result in the kernel crash something like below:

[ 22.428391] Call Trace: [ 22.428899] <TASK> [ 22.429339] virtqueueaddsplit+0x3eb/0x620 [ 22.430035] ? __blkmqallocrequests+0x17f/0x2d0 [ 22.430789] ? kvmclockgetcycles+0x14/0x30 [ 22.431496] virtqueueaddsgs+0xad/0xd0 [ 22.432108] virtblkaddreq+0xe8/0x150 [ 22.432692] virtioqueuerqs+0xeb/0x210 [ 22.433330] blkmqflushpluglist+0x1b8/0x280 [ 22.434059] __blkflushplug+0xe1/0x140 [ 22.434853] blkfinishplug+0x20/0x40 [ 22.435512] readpages+0x20a/0x2e0 [ 22.436063] ? folioaddlru+0x62/0xa0 [ 22.436652] pagecacheraunbounded+0x112/0x160 [ 22.437365] filemapgetpages+0xe1/0x5b0 [ 22.437964] ? contexttosid+0x70/0x100 [ 22.438580] ? sidtabcontexttosid+0x32/0x400 [ 22.439979] filemapread+0xcd/0x3d0 [ 22.440917] xfsfilebufferedread+0x4a/0xc0 [ 22.441984] xfsfilereaditer+0x65/0xd0 [ 22.442970] __kernelread+0x160/0x2e0 [ 22.443921] bprmexecve+0x21b/0x640 [ 22.444809] doexecveatcommon.isra.0+0x1a8/0x220 [ 22.446008] __x64sysexecve+0x2d/0x40 [ 22.446920] dosyscall64+0x37/0x90 [ 22.447773] entrySYSCALL64afterhwframe+0x63/0xcd

This patch fixes this issue by getting vq from vblk, and removes virtblkinithctx().

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50064.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
4e0400525691d0e676dbe002641f9a61261f1e1b
Fixed
2b54e14535bc34bf649372060d518ec9f2b893b3
Fixed
8d12ec10292877751ee4463b11a63bd850bc09b5

Affected versions

v5.*
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v5.19.1
v5.19.2
v5.19.3

Database specific

vanir_signatures 
[
    {
        "digest": {
            "length": 549.0,
            "function_hash": "168558082214254048306935899022621857188"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2022-50064-3708aa7f",
        "target": {
            "function": "virtblk_poll",
            "file": "drivers/block/virtio_blk.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8d12ec10292877751ee4463b11a63bd850bc09b5"
    },
    {
        "digest": {
            "length": 247.0,
            "function_hash": "310118045069858957126682608062713463719"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2022-50064-39ebdcea",
        "target": {
            "function": "virtblk_init_hctx",
            "file": "drivers/block/virtio_blk.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8d12ec10292877751ee4463b11a63bd850bc09b5"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "329258223920726115930136213038223246486",
                "167184630191837097259381553339630589247",
                "173895345165323738836980454775617965057",
                "166333835600717610198514904129206850495",
                "11017480191291518371564390607933837776",
                "285668060560537128982739006129937862459",
                "296016982080011872361130468047893233748",
                "109817088017545032083526907692543769032",
                "179842739569937362985347331041135083592",
                "276326553297776307552143665255892924509",
                "140368043705086466718420749999303946793",
                "60082543614371891672066305184784108123",
                "43292437599336529753623177422030236203",
                "324930064291866494593437651833780618374",
                "116151827650666106414046935894405850119",
                "222277397938093524738240727365595094573",
                "304014842784178777903327882195472404635",
                "251991276603155289540438286214592293178",
                "333178720113692804249527264884301610698",
                "310403779408939752622257139862625408250",
                "315539155435488971460077853276992472246",
                "227341948822336707522855601643441031757",
                "318614284434032323097662266841430170639",
                "70376461477568416402981567603495960460",
                "255753189760287718441325389416687105866",
                "100434906096571738129765386118732006351",
                "175117445833642879968506178467938691450",
                "97013463724116102051388540551324863201"
            ]
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2022-50064-57b1df48",
        "target": {
            "file": "drivers/block/virtio_blk.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2b54e14535bc34bf649372060d518ec9f2b893b3"
    },
    {
        "digest": {
            "length": 533.0,
            "function_hash": "152672175010487713990426533635508687476"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2022-50064-74610277",
        "target": {
            "function": "virtio_queue_rqs",
            "file": "drivers/block/virtio_blk.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2b54e14535bc34bf649372060d518ec9f2b893b3"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "329258223920726115930136213038223246486",
                "167184630191837097259381553339630589247",
                "173895345165323738836980454775617965057",
                "166333835600717610198514904129206850495",
                "11017480191291518371564390607933837776",
                "285668060560537128982739006129937862459",
                "296016982080011872361130468047893233748",
                "109817088017545032083526907692543769032",
                "179842739569937362985347331041135083592",
                "276326553297776307552143665255892924509",
                "140368043705086466718420749999303946793",
                "60082543614371891672066305184784108123",
                "43292437599336529753623177422030236203",
                "324930064291866494593437651833780618374",
                "116151827650666106414046935894405850119",
                "222277397938093524738240727365595094573",
                "304014842784178777903327882195472404635",
                "251991276603155289540438286214592293178",
                "333178720113692804249527264884301610698",
                "310403779408939752622257139862625408250",
                "315539155435488971460077853276992472246",
                "227341948822336707522855601643441031757",
                "318614284434032323097662266841430170639",
                "70376461477568416402981567603495960460",
                "255753189760287718441325389416687105866",
                "100434906096571738129765386118732006351",
                "175117445833642879968506178467938691450",
                "97013463724116102051388540551324863201"
            ]
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2022-50064-8818b86c",
        "target": {
            "file": "drivers/block/virtio_blk.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8d12ec10292877751ee4463b11a63bd850bc09b5"
    },
    {
        "digest": {
            "length": 549.0,
            "function_hash": "168558082214254048306935899022621857188"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2022-50064-96e0b0a7",
        "target": {
            "function": "virtblk_poll",
            "file": "drivers/block/virtio_blk.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2b54e14535bc34bf649372060d518ec9f2b893b3"
    },
    {
        "digest": {
            "length": 533.0,
            "function_hash": "152672175010487713990426533635508687476"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2022-50064-b5ace8de",
        "target": {
            "function": "virtio_queue_rqs",
            "file": "drivers/block/virtio_blk.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8d12ec10292877751ee4463b11a63bd850bc09b5"
    },
    {
        "digest": {
            "length": 247.0,
            "function_hash": "310118045069858957126682608062713463719"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2022-50064-fdd498da",
        "target": {
            "function": "virtblk_init_hctx",
            "file": "drivers/block/virtio_blk.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2b54e14535bc34bf649372060d518ec9f2b893b3"
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50064.json"