CVE-2022-50550 (CNNVD-202510-1008)

UNKNOWN
中文标题:
Linux kernel 安全漏洞
英文标题:
blk-iolatency: Fix memory leak on add_disk() failures
CVSS分数: N/A
发布时间: 2025-10-07 15:21:12
漏洞类型: 其他
状态: PUBLISHED
数据质量分数: 0.30
数据版本: v3
漏洞描述
中文描述:

Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于blk-iolatency在add_disk失败时未正确清理内存,可能导致内存泄漏。

英文描述:

In the Linux kernel, the following vulnerability has been resolved: blk-iolatency: Fix memory leak on add_disk() failures When a gendisk is successfully initialized but add_disk() fails such as when a loop device has invalid number of minor device numbers specified, blkcg_init_disk() is called during init and then blkcg_exit_disk() during error handling. Unfortunately, iolatency gets initialized in the former but doesn't get cleaned up in the latter. This is because, in non-error cases, the cleanup is performed by del_gendisk() calling rq_qos_exit(), the assumption being that rq_qos policies, iolatency being one of them, can only be activated once the disk is fully registered and visible. That assumption is true for wbt and iocost, but not so for iolatency as it gets initialized before add_disk() is called. It is desirable to lazy-init rq_qos policies because they are optional features and add to hot path overhead once initialized - each IO has to walk all the registered rq_qos policies. So, we want to switch iolatency to lazy init too. However, that's a bigger change. As a fix for the immediate problem, let's just add an extra call to rq_qos_exit() in blkcg_exit_disk(). This is safe because duplicate calls to rq_qos_exit() become noop's.

CWE类型:
(暂无数据)
标签:
(暂无数据)
受影响产品
厂商 产品 版本 版本范围 平台 CPE
Linux Linux - < 2a126e1db5553ce4498290df019866952f858954 - cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*
Linux Linux 4.19 - - cpe:2.3:a:linux:linux:4.19:*:*:*:*:*:*:*
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
无标题 OTHER
cve.org
访问
无标题 OTHER
cve.org
访问
无标题 OTHER
cve.org
访问
CVSS评分详情
暂无CVSS评分信息
时间信息
发布时间:
2025-10-07 15:21:12
修改时间:
2025-10-07 15:21:12
创建时间:
2025-11-11 15:37:58
更新时间:
2025-11-11 16:00:15
利用信息
暂无可利用代码信息
数据源详情
数据源 记录ID 版本 提取时间
CVE cve_CVE-2022-50550 2025-11-11 15:21:45 2025-11-11 07:37:58
NVD nvd_CVE-2022-50550 2025-11-11 14:58:37 2025-11-11 07:46:09
CNNVD cnnvd_CNNVD-202510-1008 2025-11-11 15:12:29 2025-11-11 08:00:15
版本与语言
当前版本: v3
主要语言: EN
支持语言:
EN ZH
安全公告
暂无安全公告信息
变更历史
v3 CNNVD
2025-11-11 16:00:15
vulnerability_type: 未提取 → 其他; severity: SeverityLevel.MEDIUM → SeverityLevel.UNKNOWN; cvss_score: 未提取 → 0.0; cnnvd_id: 未提取 → CNNVD-202510-1008; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
查看详细变更
  • vulnerability_type: 未提取 -> 其他
  • severity: SeverityLevel.MEDIUM -> SeverityLevel.UNKNOWN
  • cvss_score: 未提取 -> 0.0
  • cnnvd_id: 未提取 -> CNNVD-202510-1008
  • data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2 NVD
2025-11-11 15:46:09
affected_products_count: 4 → 2; data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
  • affected_products_count: 4 -> 2
  • data_sources: ['cve'] -> ['cve', 'nvd']