CVE-2022-50552: Use After Free in Linux

CWE-416: Use After Free
6 documents, 6 sources
Severity: 7.8 HIGH (NVD)
EPSS: 0.0% (top 98.19%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 7; Latest update Apr 20

Description

In the Linux kernel, the following vulnerability has been resolved:

blk-mq: use quiesced elevator switch when reinitializing queues

The hctx's run_work may be racing with the elevator switch when reinitializing hardware queues. The queue is merely frozen in this context, but that only prevents requests from allocating and doesn't stop the hctx work from running. The work may get an elevator pointer that's being torn down, and can result in use-after-free errors and kernel panics (example below

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (4 packages)

NVD: linux/linux_kernel 4.19 5.19.17 +1
Debian: linux/linux_kernel < 6.0.3-1 +2
CVEListV5: linux/linux d48ece209f82c9ce07be942441b53d3fa3664936 63a681bcc32a43528ce0f690569f7f48e59c3963 +3
debian: debian/linux < linux 6.0.3-1 (bookworm)

Patches

🔴 Vulnerability Details (3)

VulDB
Linux Kernel up to 5.19.16/6.0.2 run_work null pointer dereference (EUVD-2025-32006 / Nessus ID 284771) 2026-04-20
GHSA
GHSA-8p56-6q52-jgv2: In the Linux kernel, the following vulnerability has been resolved: blk-mq: use quiesced elevator switch when reinitializing queues The hctx's run_w 2025-10-07
OSV
CVE-2022-50552: In the Linux kernel, the following vulnerability has been resolved: blk-mq: use quiesced elevator switch when reinitializing queues The hctx's run_wor 2025-10-07

📋 Vendor Advisories (2)

Red Hat
kernel: blk-mq: use quiesced elevator switch when reinitializing queues 2025-10-07
Debian
CVE-2022-50552: linux - In the Linux kernel, the following vulnerability has been resolved: blk-mq: use... 2022