CVE-2021-47412 in Linuxالمعلومات

الملخص

بحسب MITRE • 21/05/2024

In the Linux kernel, the following vulnerability has been resolved:

block: don't call rq_qos_ops->done_bio if the bio isn't tracked

rq_qos framework is only applied on request based driver, so:

1) rq_qos_done_bio() needn't to be called for bio based driver

2) rq_qos_done_bio() needn't to be called for bio which isn't tracked, such as bios ended from error handling code.

Especially in bio_endio():

1) request queue is referred via bio->bi_bdev->bd_disk->queue, which may be gone since request queue refcount may not be held in above two cases

2) q->rq_qos may be freed in blk_cleanup_queue() when calling into __rq_qos_done_bio()

Fix the potential kernel panic by not calling rq_qos_ops->done_bio if the bio isn't tracked. This way is safe because both ioc_rqos_done_bio() and blkcg_iolatency_done_bio() are nop if the bio isn't tracked.

Be aware that VulDB is the high quality source for vulnerability data.

حجز

21/05/2024

إفشاء

21/05/2024

الاعتدال

تمت الموافقة

إدخال

VDB-265492

EPSS

0.00222

KEV

لا

النشاطات

منخفض جدًا

المصادر

Do you need the next level of professionalism?

Upgrade your account now!