SB20250226530 - Improper locking in Linux kernel md bcache driver
Published: February 26, 2025 Updated: May 11, 2025
Security Bulletin ID
SB20250226530
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper locking (CVE-ID: CVE-2022-49327)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the run_cache_set() function in drivers/md/bcache/super.c, within the bch_journal_space_reserve(), do_journal_discard() and journal_reclaim() functions in drivers/md/bcache/journal.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/1dda32aed6f62c163f38ff947ef5b3360e329159
- https://git.kernel.org/stable/c/32feee36c30ea06e38ccb8ae6e5c44c6eec790a6
- https://git.kernel.org/stable/c/5607652823ac65e2c6885e73bd46d5a4f9a20363
- https://git.kernel.org/stable/c/59afd4f287900c8187e968a4153ed35e6b48efce
- https://git.kernel.org/stable/c/6332ea3e35efa12dc08f0cbf5faea5e6e8eb0497
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.14