CVE-2022-50552
Severity CVSS v4.0:
Pending analysis
Type:
CWE-416
Use After Free
Publication date:
07/10/2025
Last modified:
04/02/2026
Description
In the Linux kernel, the following vulnerability has been resolved:

blk-mq: use quiesced elevator switch when reinitializing queues

The hctx's run_work may be racing with the elevator switch when
reinitializing hardware queues. The queue is merely frozen in this
context, but that only prevents requests from allocating and doesn't
stop the hctx work from running. The work may get an elevator pointer
that's being torn down, and can result in use-after-free errors and
kernel panics (example below). Use the quiesced elevator switch instead,
and make the previous one static since it is now only used locally.

  nvme nvme0: resetting controller
  nvme nvme0: 32/0/0 default/read/poll queues
  BUG: kernel NULL pointer dereference, address: 0000000000000008
  #PF: supervisor read access in kernel mode
  #PF: error_code(0x0000) - not-present page
  PGD 80000020c8861067 P4D 80000020c8861067 PUD 250f8c8067 PMD 0
  Oops: 0000 [#1] SMP PTI
  Workqueue: kblockd blk_mq_run_work_fn
  RIP: 0010:kyber_has_work+0x29/0x70

  ...

  Call Trace:
  __blk_mq_do_dispatch_sched+0x83/0x2b0
  __blk_mq_sched_dispatch_requests+0x12e/0x170
  blk_mq_sched_dispatch_requests+0x30/0x60
  __blk_mq_run_hw_queue+0x2b/0x50
  process_one_work+0x1ef/0x380
  worker_thread+0x2d/0x3e0
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.19 (including) | 5.19.17 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.0 (including) | 6.0.3 (excluding) |
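
A triage sketch for the information above, added here as an example and not taken from the advisory or the kernel project: it checks a kernel release string against the upstream ranges in the table and scans a kernel log for oopses with the shape of the trace in the description. The function names and the second sample report are assumptions made for illustration.

```python
import re

# Upstream ranges from the CPE table: (first affected, first fixed release).
AFFECTED = [((4, 19, 0), (5, 19, 17)), ((6, 0, 0), (6, 0, 3))]

def upstream_affected(release):
    """True if a `uname -r` style string lies in an affected upstream range."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unparseable kernel release: {release!r}")
    version = tuple(int(part or 0) for part in m.groups())
    return any(low <= version < high for low, high in AFFECTED)

def matching_oopses(log_text):
    """Return the faulting symbol of each oops that matches the reported trace:
    a kblockd worker in blk_mq_run_work_fn that crashed on the scheduler
    dispatch path. The symbol varies with the I/O scheduler in use."""
    hits = []
    # Every report starts at a "BUG: " line; drop the text before the first.
    for report in re.split(r"(?m)^.*\bBUG: ", log_text)[1:]:
        rip = re.search(r"RIP: [0-9a-f]{4}:(\w+)\+", report)
        if (rip and "Workqueue: kblockd blk_mq_run_work_fn" in report
                and "__blk_mq_do_dispatch_sched+" in report):
            hits.append(rip.group(1))
    return hits

# Constructed sample: the first report is the one quoted in the description,
# the second is an unrelated oops with hypothetical symbol names.
SAMPLE_LOG = """\
nvme nvme0: resetting controller
BUG: kernel NULL pointer dereference, address: 0000000000000008
Oops: 0000 [#1] SMP PTI
Workqueue: kblockd blk_mq_run_work_fn
RIP: 0010:kyber_has_work+0x29/0x70
Call Trace:
 __blk_mq_do_dispatch_sched+0x83/0x2b0
 __blk_mq_run_hw_queue+0x2b/0x50
BUG: kernel NULL pointer dereference, address: 0000000000000010
Workqueue: events example_work_fn
RIP: 0010:example_driver_poll+0x10/0x40
"""

if __name__ == "__main__":
    for release in ("5.15.0", "6.0.3"):
        print(release, "affected" if upstream_affected(release) else "not in range")
    print("matching oopses:", matching_oopses(SAMPLE_LOG))
```

Distribution kernels often backport fixes without changing the upstream version number, so treat the range check as a first pass and confirm against the vendor's advisory.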



