CVE-2022-50329

Commit 64dc8c732f5c ("block, bfq: fix possible uaf for 'bfqq->bic'") will access 'bic->bfqq' in bicsetbfqq(), however, bfqexiticqbfqq() can free bfqq first, and then call bicset_bfqq(), which will cause uaf.

Fix the problem by moving bfqexitbfqq() behind bicsetbfqq().

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50329.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

5533742c7cb1bc9b1f0bf401cc397d44a3a9e07a

Fixed

1425f1bb5df5239021fd09ebc2a5e8070e705d36

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

094f3d9314d67691cb21ba091c1b528f6e3c4893

Fixed

7949b0df3dd9f4817ed4a4e989fa9ee81df6205f

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

b22fd72bfebda3956efc4431b60ddfc0a51e03e0

Fixed

cfe5b38c37720313eff0dec5517442c7ab3c9a20

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

761564d93c8265f65543acf0a576b32d66bfa26a

Fixed

1ed959fef5b1c6f1a7a3fbea543698c30ebd6678

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

64dc8c732f5c2b406cc752e6aaa1bd5471159cab

Fixed

246cf66e300b76099b5dbd3fdd39e9a5dbc53f02

Affected versions

v5.*

v5.15.86

v6.*

v6.0.16

v6.1.2

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.15.86

Fixed

5.15.87

Type: ECOSYSTEM
Events: Introduced

6.0.16

Fixed

6.0.17

Type: ECOSYSTEM
Events: Introduced

6.1.2

Fixed

6.1.3