{"schema_version":"1.7.2","id":"OESA-2025-1338","modified":"2025-03-29T06:23:08Z","published":"2025-03-29T06:23:08Z","upstream":["CVE-2022-49266","CVE-2022-49444","CVE-2022-49711"],"summary":"kernel security update","details":"The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix rq-qos breakage from skipping rq_qos_done_bio()\n\na647a524a467 (\u0026quot;block: don\u0026apos;t call rq_qos_ops-\u0026gt;done_bio if the bio isn\u0026apos;t\ntracked\u0026quot;) made bio_endio() skip rq_qos_done_bio() if BIO_TRACKED is not set.\nWhile this fixed a potential oops, it also broke blk-iocost by skipping the\ndone_bio callback for merged bios.\n\nBefore, whether a bio goes through rq_qos_throttle() or rq_qos_merge(),\nrq_qos_done_bio() would be called on the bio on completion with BIO_TRACKED\ndistinguishing the former from the latter. rq_qos_done_bio() is not called\nfor bios which wenth through rq_qos_merge(). This royally confuses\nblk-iocost as the merged bios never finish and are considered perpetually\nin-flight.\n\nOne reliably reproducible failure mode is an intermediate cgroup geting\nstuck active preventing its children from being activated due to the\nleaf-only rule, leading to loss of control. The following is from\nresctl-bench protection scenario which emulates isolating a web server like\nworkload from a memory bomb run on an iocost configuration which should\nyield a reasonable level of protection.\n\n  # cat /sys/block/nvme2n1/device/model\n  Samsung SSD 970 PRO 512GB\n  # cat /sys/fs/cgroup/io.cost.model\n  259:0 ctrl=user model=linear rbps=834913556 rseqiops=93622 rrandiops=102913 wbps=618985353 wseqiops=72325 wrandiops=71025\n  # cat /sys/fs/cgroup/io.cost.qos\n  259:0 enable=1 ctrl=user rpct=95.00 rlat=18776 wpct=95.00 wlat=8897 min=60.00 max=100.00\n  # resctl-bench -m 29.6G -r out.json run protection::scenario=mem-hog,loops=1\n  ...\n  Memory Hog Summary\n  ==================\n\n  IO Latency: R p50=242u:336u/2.5m p90=794u:1.4m/7.5m p99=2.7m:8.0m/62.5m max=8.0m:36.4m/350m\n              W p50=221u:323u/1.5m p90=709u:1.2m/5.5m p99=1.5m:2.5m/9.5m max=6.9m:35.9m/350m\n\n  Isolation and Request Latency Impact Distributions:\n\n                min   p01   p05   p10   p25   p50   p75   p90   p95   p99   max  mean stdev\n  isol%       15.90 15.90 15.90 40.05 57.24 59.07 60.01 74.63 74.63 90.35 90.35 58.12 15.82\n  lat-imp%        0     0     0     0     0  4.55 14.68 15.54 233.5 548.1 548.1 53.88 143.6\n\n  Result: isol=58.12:15.82% lat_imp=53.88%:143.6 work_csv=100.0% missing=3.96%\n\nThe isolation result of 58.12% is close to what this device would show\nwithout any IO control.\n\nFix it by introducing a new flag BIO_QOS_MERGED to mark merged bios and\ncalling rq_qos_done_bio() on them too. For consistency and clarity, rename\nBIO_TRACKED to BIO_QOS_THROTTLED. The flag checks are moved into\nrq_qos_done_bio() so that it\u0026apos;s next to the code paths that set the flags.\n\nWith the patch applied, the above same benchmark shows:\n\n  # resctl-bench -m 29.6G -r out.json run protection::scenario=mem-hog,loops=1\n  ...\n  Memory Hog Summary\n  ==================\n\n  IO Latency: R p50=123u:84.4u/985u p90=322u:256u/2.5m p99=1.6m:1.4m/9.5m max=11.1m:36.0m/350m\n              W p50=429u:274u/995u p90=1.7m:1.3m/4.5m p99=3.4m:2.7m/11.5m max=7.9m:5.9m/26.5m\n\n  Isolation and Request Latency Impact Distributions:\n\n                min   p01   p05   p10   p25   p50   p75   p90   p95   p99   max  mean stdev\n  isol%       84.91 84.91 89.51 90.73 92.31 94.49 96.36 98.04 98.71 100.0 100.0 94.42  2.81\n  lat-imp%        0     0     0     0     0  2.81  5.73 11.11 13.92 17.53 22.61  4.10  4.68\n\n  Result: isol=94.42:2.81% lat_imp=4.10%:4.68 work_csv=58.34% missing=0%(CVE-2022-49266)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmodule: fix [e_shstrndx].sh_size=0 OOB access\n\nIt is trivial to craft a module to trigger OOB access in this line:\n\n\tif (info-\u0026gt;secstrings[strhdr-\u0026gt;sh_size - 1] != \u0026apos;\\0\u0026apos;) {\n\nBUG: unable to handle page fault for address: ffffc90000aa0fff\nPGD 100000067 P4D 100000067 PUD 100066067 PMD 10436f067 PTE 0\nOops: 0000 [#1] PREEMPT SMP PTI\nCPU: 7 PID: 1215 Comm: insmod Not tainted 5.18.0-rc5-00007-g9bf578647087-dirty #10\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-4.fc34 04/01/2014\nRIP: 0010:load_module+0x19b/0x2391\n\n[rebased patch onto modules-next](CVE-2022-49444)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nbus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove()\n\nIn fsl_mc_bus_remove(), mc-\u0026gt;root_mc_bus_dev-\u0026gt;mc_io is passed to\nfsl_destroy_mc_io(). However, mc-\u0026gt;root_mc_bus_dev is already freed in\nfsl_mc_device_remove(). Then reference to mc-\u0026gt;root_mc_bus_dev-\u0026gt;mc_io\ntriggers KASAN use-after-free. To avoid the use-after-free, keep the\nreference to mc-\u0026gt;root_mc_bus_dev-\u0026gt;mc_io in a local variable and pass to\nfsl_destroy_mc_io().\n\nThis patch needs rework to apply to kernels older than v5.15.(CVE-2022-49711)","affected":[{"package":{"ecosystem":"openEuler:22.03-LTS-SP4","name":"kernel","purl":"pkg:rpm/openEuler/kernel\u0026distro=openEuler-22.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.10.0-257.0.0.160.oe2203sp4"}]}],"ecosystem_specific":{"aarch64":["bpftool-5.10.0-257.0.0.160.oe2203sp4.aarch64.rpm","bpftool-debuginfo-5.10.0-257.0.0.160.oe2203sp4.aarch64.rpm","kernel-5.10.0-257.0.0.160.oe2203sp4.aarch64.rpm","kernel-debuginfo-5.10.0-257.0.0.160.oe2203sp4.aarch64.rpm","kernel-debugsource-5.10.0-257.0.0.160.oe2203sp4.aarch64.rpm","kernel-devel-5.10.0-257.0.0.160.oe2203sp4.aarch64.rpm","kernel-headers-5.10.0-257.0.0.160.oe2203sp4.aarch64.rpm","kernel-source-5.10.0-257.0.0.160.oe2203sp4.aarch64.rpm","kernel-tools-5.10.0-257.0.0.160.oe2203sp4.aarch64.rpm","kernel-tools-debuginfo-5.10.0-257.0.0.160.oe2203sp4.aarch64.rpm","kernel-tools-devel-5.10.0-257.0.0.160.oe2203sp4.aarch64.rpm","perf-5.10.0-257.0.0.160.oe2203sp4.aarch64.rpm","perf-debuginfo-5.10.0-257.0.0.160.oe2203sp4.aarch64.rpm","python3-perf-5.10.0-257.0.0.160.oe2203sp4.aarch64.rpm","python3-perf-debuginfo-5.10.0-257.0.0.160.oe2203sp4.aarch64.rpm"],"src":["kernel-5.10.0-257.0.0.160.oe2203sp4.src.rpm"],"x86_64":["bpftool-5.10.0-257.0.0.160.oe2203sp4.x86_64.rpm","bpftool-debuginfo-5.10.0-257.0.0.160.oe2203sp4.x86_64.rpm","kernel-5.10.0-257.0.0.160.oe2203sp4.x86_64.rpm","kernel-debuginfo-5.10.0-257.0.0.160.oe2203sp4.x86_64.rpm","kernel-debugsource-5.10.0-257.0.0.160.oe2203sp4.x86_64.rpm","kernel-devel-5.10.0-257.0.0.160.oe2203sp4.x86_64.rpm","kernel-headers-5.10.0-257.0.0.160.oe2203sp4.x86_64.rpm","kernel-source-5.10.0-257.0.0.160.oe2203sp4.x86_64.rpm","kernel-tools-5.10.0-257.0.0.160.oe2203sp4.x86_64.rpm","kernel-tools-debuginfo-5.10.0-257.0.0.160.oe2203sp4.x86_64.rpm","kernel-tools-devel-5.10.0-257.0.0.160.oe2203sp4.x86_64.rpm","perf-5.10.0-257.0.0.160.oe2203sp4.x86_64.rpm","perf-debuginfo-5.10.0-257.0.0.160.oe2203sp4.x86_64.rpm","python3-perf-5.10.0-257.0.0.160.oe2203sp4.x86_64.rpm","python3-perf-debuginfo-5.10.0-257.0.0.160.oe2203sp4.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1338"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-49266"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-49444"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-49711"}],"database_specific":{"severity":"High"}}