In the Linux kernel, the following vulnerability has been resolved: block:
don’t call rq_qos_ops->done_bio if the bio isn’t tracked rq_qos framework
is only applied on request based driver, so: 1) rq_qos_done_bio() needn’t
to be called for bio based driver 2) rq_qos_done_bio() needn’t to be called
for bio which isn’t tracked, such as bios ended from error handling code.
Especially in bio_endio(): 1) request queue is referred via
bio->bi_bdev->bd_disk->queue, which may be gone since request queue
refcount may not be held in above two cases 2) q->rq_qos may be freed in
blk_cleanup_queue() when calling into __rq_qos_done_bio() Fix the potential
kernel panic by not calling rq_qos_ops->done_bio if the bio isn’t tracked.
This way is safe because both ioc_rqos_done_bio() and
blkcg_iolatency_done_bio() are nop if the bio isn’t tracked.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 23.10 | noarch | linux | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
git.kernel.org/linus/a647a524a46736786c95cdb553a070322ca096e3 (5.15-rc3)
git.kernel.org/stable/c/004b8f8a691205a93d9e80d98b786b2b97424d6e
git.kernel.org/stable/c/a647a524a46736786c95cdb553a070322ca096e3
launchpad.net/bugs/cve/CVE-2021-47412
nvd.nist.gov/vuln/detail/CVE-2021-47412
security-tracker.debian.org/tracker/CVE-2021-47412
www.cve.org/CVERecord?id=CVE-2021-47412