In the Linux kernel, the following vulnerability has been resolved:
blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping()
Our syzkaller reported a null pointer dereference; the root cause is as follows:
__blk_mq_alloc_map_and_rqs
 set->tags[hctx_idx] = blk_mq_alloc_map_and_rqs
  blk_mq_alloc_map_and_rqs
   blk_mq_alloc_rqs
    // failed due to oom
    alloc_pages_node
   // set->tags[hctx_idx] is still NULL
   blk_mq_free_rqs
    drv_tags = set->tags[hctx_idx];
    // null pointer dereference is triggered
    blk_mq_clear_rq_mapping(drv_tags, ...)
This is because commit 63064be150e4 ("blk-mq: Add blk_mq_alloc_map_and_rqs()") merged the two steps:
1) set->tags[hctx_idx] = blk_mq_alloc_rq_map()
2) blk_mq_alloc_rqs(..., set->tags[hctx_idx])
into one step:
set->tags[hctx_idx] = blk_mq_alloc_map_and_rqs()
Since tags is not initialized yet in this case, fix the problem by checking if tags is a NULL pointer in blk_mq_clear_rq_mapping().
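The error path described above, as a self-contained C model (an added example, not code from the kernel or from the commit): the model_* structs, functions and the fault-injection flag are invented stand-ins for blk_mq_tags, blk_mq_tag_set, blk_mq_alloc_map_and_rqs(), blk_mq_free_rqs() and blk_mq_clear_rq_mapping(). It places the pre-fix and post-fix shapes of the clear function side by side and runs the merged allocation with an injected OOM to show that set->tags[hctx_idx] is still NULL when the cleanup runs.

```c
/* Simplified model of the tag-set allocation error path described above.
 * Added illustration, not kernel code: model_* names are invented stand-ins,
 * one hardware context is modelled, and OOM is simulated with a flag. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

#define MODEL_QUEUE_DEPTH 4

/* Stand-in for struct blk_mq_tags: one request slot per tag. */
struct model_tags {
    unsigned int nr_tags;
    void **rqs;                 /* tag -> request mapping */
};

/* Stand-in for struct blk_mq_tag_set with a single hardware context. */
struct model_tag_set {
    struct model_tags *tags[1];
};

/* Fault-injection knob: when true, the request allocation step fails as if
 * the page allocation had returned NULL under memory pressure. */
static bool model_inject_oom;

/* Pre-fix shape of blk_mq_clear_rq_mapping(): trusts drv_tags unconditionally,
 * so the still-NULL set->tags[hctx_idx] from the error path is dereferenced. */
static void model_clear_rq_mapping_prefix(struct model_tags *drv_tags)
{
    for (unsigned int i = 0; i < drv_tags->nr_tags; i++)
        drv_tags->rqs[i] = NULL;
}

/* Post-fix shape: a tag set that was never installed has no mapping to clear,
 * so returning early on NULL is both safe and semantically correct. */
static void model_clear_rq_mapping_fixed(struct model_tags *drv_tags)
{
    if (!drv_tags)
        return;
    for (unsigned int i = 0; i < drv_tags->nr_tags; i++)
        drv_tags->rqs[i] = NULL;
}

/* Stand-in for blk_mq_free_rqs(): it fetches the driver tags through the tag
 * set, not through @tags, which is how the merged allocation's error path
 * ends up handing a NULL pointer to the clear function. */
static void model_free_rqs(struct model_tag_set *set, struct model_tags *tags,
                           unsigned int hctx_idx,
                           void (*clear)(struct model_tags *))
{
    struct model_tags *drv_tags = set->tags[hctx_idx];

    clear(drv_tags);
    free(tags->rqs);            /* release whatever the failed step allocated */
    tags->rqs = NULL;
}

/* Merged allocation in the shape introduced by the commit named above: the
 * caller stores the result into set->tags[hctx_idx] only after this returns,
 * so every error path inside runs while that slot is still NULL. */
static struct model_tags *model_alloc_map_and_rqs(struct model_tag_set *set,
                                                  unsigned int hctx_idx,
                                                  void (*clear)(struct model_tags *))
{
    struct model_tags *tags = calloc(1, sizeof(*tags));

    if (!tags)
        return NULL;
    tags->nr_tags = MODEL_QUEUE_DEPTH;

    /* alloc_rqs step: fails when the injected OOM fires */
    tags->rqs = model_inject_oom ? NULL : calloc(tags->nr_tags, sizeof(void *));
    if (!tags->rqs) {
        model_free_rqs(set, tags, hctx_idx, clear);
        free(tags);
        return NULL;
    }
    return tags;
}

/* Runs the sequence for hardware context 0: 0 on success, -1 on allocation
 * failure. With fixed == false and oom == true it would fault inside
 * model_clear_rq_mapping_prefix() instead of returning -1. */
static int model_setup_hctx(struct model_tag_set *set, bool fixed, bool oom)
{
    model_inject_oom = oom;
    set->tags[0] = model_alloc_map_and_rqs(set, 0,
            fixed ? model_clear_rq_mapping_fixed : model_clear_rq_mapping_prefix);
    return set->tags[0] ? 0 : -1;
}

static void model_teardown(struct model_tag_set *set)
{
    if (!set->tags[0])
        return;
    free(set->tags[0]->rqs);
    free(set->tags[0]);
    set->tags[0] = NULL;
}

int main(void)
{
    struct model_tag_set set = { { NULL } };
    printf("fixed clear, oom injected: %d\n", model_setup_hctx(&set, true, true));
    printf("fixed clear, no oom:       %d\n", model_setup_hctx(&set, true, false));
    model_teardown(&set);
    return 0;
}
```

The unguarded variant is only ever reached on the success path here; running it with OOM injected would reproduce the crash from the report. The guard is not just defensive: when the merged step fails part-way, no request was ever mapped into set->tags[hctx_idx], so there is genuinely nothing for the clear function to do.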
[
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@76dd298094f484c6250ebd076fa53287477b2328",
"target": {
"file": "block/blk-mq.c"
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2022-50530-320970e5",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"133877438616094731609467267034755576897",
"188815698141680383610468787088105837361",
"32825095706202074238434461354260091237",
"208615300641553659859368344510460297513"
]
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@76dd298094f484c6250ebd076fa53287477b2328",
"target": {
"function": "blk_mq_clear_rq_mapping",
"file": "block/blk-mq.c"
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2022-50530-4fb9c3f7",
"signature_type": "Function",
"digest": {
"length": 648.0,
"function_hash": "7041806879986557813817608370095553675"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6a440e6d04431e774dc084abe88c106e2a474c1a",
"target": {
"file": "block/blk-mq.c"
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2022-50530-6c0abe2f",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"133877438616094731609467267034755576897",
"188815698141680383610468787088105837361",
"32825095706202074238434461354260091237",
"208615300641553659859368344510460297513"
]
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6a440e6d04431e774dc084abe88c106e2a474c1a",
"target": {
"function": "blk_mq_clear_rq_mapping",
"file": "block/blk-mq.c"
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2022-50530-e960e298",
"signature_type": "Function",
"digest": {
"length": 648.0,
"function_hash": "7041806879986557813817608370095553675"
}
}
]