{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-49406", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-02-26T02:08:31.566Z", "datePublished": "2025-02-26T02:12:31.086Z", "dateUpdated": "2025-02-26T02:12:31.086Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-02-26T02:12:31.086Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: Fix potential deadlock in blk_ia_range_sysfs_show()\n\nWhen being read, a sysfs attribute is already protected against removal\nwith the kobject node active reference counter. As a result, in\nblk_ia_range_sysfs_show(), there is no need to take the queue sysfs\nlock when reading the value of a range attribute. Using the queue sysfs\nlock in this function creates a potential deadlock situation with the\ndisk removal, something that a lockdep signals with a splat when the\ndevice is removed:\n\n[ 760.703551] Possible unsafe locking scenario:\n[ 760.703551]\n[ 760.703554] CPU0 CPU1\n[ 760.703556] ---- ----\n[ 760.703558] lock(&q->sysfs_lock);\n[ 760.703565] lock(kn->active#385);\n[ 760.703573] lock(&q->sysfs_lock);\n[ 760.703579] lock(kn->active#385);\n[ 760.703587]\n[ 760.703587] *** DEADLOCK ***\n\nSolve this by removing the mutex_lock()/mutex_unlock() calls from\nblk_ia_range_sysfs_show()."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["block/blk-ia-ranges.c"], "versions": [{"version": "a2247f19ee1c5ad75ef095cdfb909a3244b88aa8", "lessThan": "dc107c805cde709866b59867ef72b9390199205e", "status": "affected", "versionType": "git"}, {"version": "a2247f19ee1c5ad75ef095cdfb909a3244b88aa8", "lessThan": "717b078bc745ba9a262abebed9806a17e8bbb77b", "status": "affected", "versionType": "git"}, {"version": "a2247f19ee1c5ad75ef095cdfb909a3244b88aa8", "lessThan": "41e46b3c2aa24f755b2ae9ec4ce931ba5f0d8532", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["block/blk-ia-ranges.c"], "versions": [{"version": "5.16", "status": "affected"}, {"version": "0", "lessThan": "5.16", "status": "unaffected", "versionType": "semver"}, {"version": "5.17.14", "lessThanOrEqual": "5.17.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.18.3", "lessThanOrEqual": "5.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/dc107c805cde709866b59867ef72b9390199205e"}, {"url": "https://git.kernel.org/stable/c/717b078bc745ba9a262abebed9806a17e8bbb77b"}, {"url": "https://git.kernel.org/stable/c/41e46b3c2aa24f755b2ae9ec4ce931ba5f0d8532"}], "title": "block: Fix potential deadlock in blk_ia_range_sysfs_show()", "x_generator": {"engine": "bippy-5f407fcff5a0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "15E2DD33-2255-4B76-9C15-04FF8CBAB252", "versionEndExcluding": "5.17.14", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E122216-2E9E-4B3E-B7B8-D575A45BA3C2", "versionEndExcluding": "5.18.3", "versionStartIncluding": "5.18", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: Fix potential deadlock in blk_ia_range_sysfs_show()\n\nWhen being read, a sysfs attribute is already protected against removal\nwith the kobject node active reference counter. As a result, in\nblk_ia_range_sysfs_show(), there is no need to take the queue sysfs\nlock when reading the value of a range attribute. Using the queue sysfs\nlock in this function creates a potential deadlock situation with the\ndisk removal, something that a lockdep signals with a splat when the\ndevice is removed:\n\n[ 760.703551] Possible unsafe locking scenario:\n[ 760.703551]\n[ 760.703554] CPU0 CPU1\n[ 760.703556] ---- ----\n[ 760.703558] lock(&q->sysfs_lock);\n[ 760.703565] lock(kn->active#385);\n[ 760.703573] lock(&q->sysfs_lock);\n[ 760.703579] lock(kn->active#385);\n[ 760.703587]\n[ 760.703587] *** DEADLOCK ***\n\nSolve this by removing the mutex_lock()/mutex_unlock() calls from\nblk_ia_range_sysfs_show()."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: block: Fix potential deadlock in blk_ia_range_sysfs_show() Cuando se lee, un atributo sysfs ya est\u00e1 protegido contra la eliminaci\u00f3n con el contador de referencia activo del nodo kobject. Como resultado, en blk_ia_range_sysfs_show(), no es necesario tomar el bloqueo sysfs de la cola al leer el valor de un atributo de rango. El uso del bloqueo de cola sysfs en esta funci\u00f3n crea una posible situaci\u00f3n de bloqueo con la eliminaci\u00f3n del disco, algo que un lockdep se\u00f1ala con un splat cuando se elimina el dispositivo: [ 760.703551] Posible escenario de bloqueo inseguro: [ 760.703551] [ 760.703554] CPU0 CPU1 [ 760.703556] ---- ---- [ 760.703558] lock(&q->sysfs_lock); [ 760.703565] lock(kn->active#385); [ 760.703573] lock(&q->sysfs_lock); [ 760.703579] lock(kn->active#385); [ 760.703587] [ 760.703587] *** DEADLOCK *** Solve this by removing the mutex_lock()/mutex_unlock() calls from blk_ia_range_sysfs_show(). "}], "id": "CVE-2022-49406", "lastModified": "2025-04-17T20:29:18.050", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-02-26T07:01:17.123", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/41e46b3c2aa24f755b2ae9ec4ce931ba5f0d8532"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/717b078bc745ba9a262abebed9806a17e8bbb77b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/dc107c805cde709866b59867ef72b9390199205e"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-667"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: block: Fix potential deadlock in blk_ia_range_sysfs_show()", "id": "2348291", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348291"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nblock: Fix potential deadlock in blk_ia_range_sysfs_show()\nWhen being read, a sysfs attribute is already protected against removal\nwith the kobject node active reference counter. As a result, in\nblk_ia_range_sysfs_show(), there is no need to take the queue sysfs\nlock when reading the value of a range attribute. Using the queue sysfs\nlock in this function creates a potential deadlock situation with the\ndisk removal, something that a lockdep signals with a splat when the\ndevice is removed:\n[ 760.703551] Possible unsafe locking scenario:\n[ 760.703551]\n[ 760.703554] CPU0 CPU1\n[ 760.703556] ---- ----\n[ 760.703558] lock(&q->sysfs_lock);\n[ 760.703565] lock(kn->active#385);\n[ 760.703573] lock(&q->sysfs_lock);\n[ 760.703579] lock(kn->active#385);\n[ 760.703587]\n[ 760.703587] *** DEADLOCK ***\nSolve this by removing the mutex_lock()/mutex_unlock() calls from\nblk_ia_range_sysfs_show()."], "name": "CVE-2022-49406", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-02-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-49406\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49406\nhttps://lore.kernel.org/linux-cve-announce/2025022651-CVE-2022-49406-8378@gregkh/T"], "threat_severity": "Moderate"}