Vulnerability Details : CVE-2021-47412
In the Linux kernel, the following vulnerability has been resolved:
block: don't call rq_qos_ops->done_bio if the bio isn't tracked
rq_qos framework is only applied on request based driver, so:
1) rq_qos_done_bio() needn't be called for bio based driver
2) rq_qos_done_bio() needn't be called for bio which isn't tracked, such as bios ended from error handling code.
Especially in bio_endio():
1) request queue is referred via bio->bi_bdev->bd_disk->queue, which may be gone since request queue refcount may not be held in above two cases
2) q->rq_qos may be freed in blk_cleanup_queue() when calling into __rq_qos_done_bio()
Fix the potential kernel panic by not calling rq_qos_ops->done_bio if
the bio isn't tracked. This way is safe because both ioc_rqos_done_bio()
and blkcg_iolatency_done_bio() are nop if the bio isn't tracked.
Exploit prediction scoring system (EPSS) score for CVE-2021-47412
EPSS score: 0.08% (probability of exploitation activity in the next 30 days)
Percentile: ~20% (the proportion of vulnerabilities that are scored at or less)
References for CVE-2021-47412
- https://git.kernel.org/stable/c/004b8f8a691205a93d9e80d98b786b2b97424d6e
  block: don't call rq_qos_ops->done_bio if the bio isn't tracked - kernel/git/stable/linux.git - Linux kernel stable tree
- https://git.kernel.org/stable/c/a647a524a46736786c95cdb553a070322ca096e3
  block: don't call rq_qos_ops->done_bio if the bio isn't tracked - kernel/git/stable/linux.git - Linux kernel stable tree