CVE-2022-50550
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-50550
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50550.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-50550
- Downstream
- Published
- 2025-10-07T15:21:12Z
- Modified
- 2025-10-15T03:01:58.127280Z
- Summary
- blk-iolatency: Fix memory leak on add_disk() failures
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
blk-iolatency: Fix memory leak on add_disk() failures
When a gendisk is successfully initialized but adddisk() fails such as when a loop device has invalid number of minor device numbers specified, blkcginitdisk() is called during init and then blkcgexit_disk() during error handling. Unfortunately, iolatency gets initialized in the former but doesn't get cleaned up in the latter.
This is because, in non-error cases, the cleanup is performed by delgendisk() calling rqqosexit(), the assumption being that rqqos policies, iolatency being one of them, can only be activated once the disk is fully registered and visible. That assumption is true for wbt and iocost, but not so for iolatency as it gets initialized before add_disk() is called.
It is desirable to lazy-init rqqos policies because they are optional features and add to hot path overhead once initialized - each IO has to walk all the registered rqqos policies. So, we want to switch iolatency to lazy init too. However, that's a bigger change. As a fix for the immediate problem, let's just add an extra call to rqqosexit() in blkcgexitdisk(). This is safe because duplicate calls to rqqosexit() become noop's.
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedd70675121546c35feaceebf7ed9caed8716640f3Fixed2a126e1db5553ce4498290df019866952f858954
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedd70675121546c35feaceebf7ed9caed8716640f3Fixed215f9437dda09531bcb80605298a24219f01cec5
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedd70675121546c35feaceebf7ed9caed8716640f3Fixed813e693023ba10da9e75067780f8378465bf27cc
Affected versions
v4.*
v4.18
v4.18-rc5
v4.18-rc6
v4.18-rc7
v4.18-rc8
v4.19
v4.19-rc1
v4.19-rc2
v4.19-rc3
v4.19-rc4
v4.19-rc5
v4.19-rc6
v4.19-rc7
v4.19-rc8
v4.20
v4.20-rc1
v4.20-rc2
v4.20-rc3
v4.20-rc4
v4.20-rc5
v4.20-rc6
v4.20-rc7
v5.*
v5.0
v5.0-rc1
v5.0-rc2
v5.0-rc3
v5.0-rc4
v5.0-rc5
v5.0-rc6
v5.0-rc7
v5.0-rc8
v5.1
v5.1-rc1
v5.1-rc2
v5.1-rc3
v5.1-rc4
v5.1-rc5
v5.1-rc6
v5.1-rc7
v5.10
v5.10-rc1
v5.10-rc2
v5.10-rc3
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v5.2
v5.2-rc1
v5.2-rc2
v5.2-rc3
v5.2-rc4
v5.2-rc5
v5.2-rc6
v5.2-rc7
v5.3
v5.3-rc1
v5.3-rc2
v5.3-rc3
v5.3-rc4
v5.3-rc5
v5.3-rc6
v5.3-rc7
v5.3-rc8
v5.4
v5.4-rc1
v5.4-rc2
v5.4-rc3
v5.4-rc4
v5.4-rc5
v5.4-rc6
v5.4-rc7
v5.4-rc8
v5.5
v5.5-rc1
v5.5-rc2
v5.5-rc3
v5.5-rc4
v5.5-rc5
v5.5-rc6
v5.5-rc7
v5.6
v5.6-rc1
v5.6-rc2
v5.6-rc3
v5.6-rc4
v5.6-rc5
v5.6-rc6
v5.6-rc7
v5.7
v5.7-rc1
v5.7-rc2
v5.7-rc3
v5.7-rc4
v5.7-rc5
v5.7-rc6
v5.7-rc7
v5.8
v5.8-rc1
v5.8-rc2
v5.8-rc3
v5.8-rc4
v5.8-rc5
v5.8-rc6
v5.8-rc7
v5.9
v5.9-rc1
v5.9-rc2
v5.9-rc3
v5.9-rc4
v5.9-rc5
v5.9-rc6
v5.9-rc7
v5.9-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.0.1
v6.0.10
v6.0.11
v6.0.12
v6.0.13
v6.0.14
v6.0.15
v6.0.16
v6.0.2
v6.0.3
v6.0.4
v6.0.5
v6.0.6
v6.0.7
v6.0.8
v6.0.9
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
Database specific
{
"vanir_signatures": [
{
"id": "CVE-2022-50550-215ec8cf",
"signature_type": "Line",
"target": {
"file": "block/blk-cgroup.c"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"287242413962561740541375932647658911918",
"215185046582169069565055158692927859331",
"180390800287411301732876904579394027407",
"13144674150001802767436355310464817936",
"11513550311751943130479857091725612270",
"46637171219193372538459622416841544733",
"98661408116224644257080746114978771597",
"211157605266148477459511160927502595642"
],
"threshold": 0.9
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@813e693023ba10da9e75067780f8378465bf27cc"
},
{
"id": "CVE-2022-50550-40918e95",
"signature_type": "Line",
"target": {
"file": "block/blk-cgroup.c"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"287242413962561740541375932647658911918",
"215185046582169069565055158692927859331",
"180390800287411301732876904579394027407",
"13144674150001802767436355310464817936",
"11513550311751943130479857091725612270",
"46637171219193372538459622416841544733",
"98661408116224644257080746114978771597",
"211157605266148477459511160927502595642"
],
"threshold": 0.9
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2a126e1db5553ce4498290df019866952f858954"
},
{
"id": "CVE-2022-50550-bc1c2cac",
"signature_type": "Function",
"target": {
"file": "block/blk-cgroup.c",
"function": "blkcg_exit_disk"
},
"signature_version": "v1",
"digest": {
"length": 78.0,
"function_hash": "56771322495587552517050006786434802306"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@215f9437dda09531bcb80605298a24219f01cec5"
},
{
"id": "CVE-2022-50550-d0696afc",
"signature_type": "Function",
"target": {
"file": "block/blk-cgroup.c",
"function": "blkcg_exit_disk"
},
"signature_version": "v1",
"digest": {
"length": 78.0,
"function_hash": "56771322495587552517050006786434802306"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@813e693023ba10da9e75067780f8378465bf27cc"
},
{
"id": "CVE-2022-50550-f246c587",
"signature_type": "Line",
"target": {
"file": "block/blk-cgroup.c"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"287242413962561740541375932647658911918",
"215185046582169069565055158692927859331",
"180390800287411301732876904579394027407",
"13144674150001802767436355310464817936",
"11513550311751943130479857091725612270",
"46637171219193372538459622416841544733",
"98661408116224644257080746114978771597",
"211157605266148477459511160927502595642"
],
"threshold": 0.9
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@215f9437dda09531bcb80605298a24219f01cec5"
},
{
"id": "CVE-2022-50550-fe5fd3af",
"signature_type": "Function",
"target": {
"file": "block/blk-cgroup.c",
"function": "blkcg_exit_disk"
},
"signature_version": "v1",
"digest": {
"length": 78.0,
"function_hash": "56771322495587552517050006786434802306"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2a126e1db5553ce4498290df019866952f858954"
}
]
}