SB20250620172 - Infinite loop in Linux kernel block driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Infinite loop (CVE-ID: CVE-2022-49993)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the loop_set_status_from_info() function in drivers/block/loop.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/0455bef69028c65065f16bb04635591b2374249b
• https://git.kernel.org/stable/c/18e28817cb516b39de6281f6db9b0618b2cc7b42
• https://git.kernel.org/stable/c/6858933131d0dadac071c4d33335a9ea4b8e76cf
• https://git.kernel.org/stable/c/9be7fa7ead18a48940df7b59d993bbc8b9055c15
• https://git.kernel.org/stable/c/a217715338fd48f72114725aa7a40e484a781ca7
• https://git.kernel.org/stable/c/adf0112d9b8acb03485624220b4934f69bf13369
• https://git.kernel.org/stable/c/b40877b8562c5720d0a7fce20729f56b75a3dede
• https://git.kernel.org/stable/c/c490a0b5a4f36da3918181a8acdc6991d967c5f3
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.292
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.257
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.312
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.327
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.140
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.64
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.6
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.212
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.274
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0