[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-DEBIAN-CVE-2022-49179":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":16,"duplicates":17,"related":18,"reserved_at":9,"published_at":19,"modified_at":20,"state":9,"summary":21,"references_raw":23,"kevs":30,"epss":9,"epss_history":31,"metrics":32,"affected":39},"DEBIAN-CVE-2022-49179","In the Linux kernel, the following vulnerability has been resolved:  block, bfq: don't move oom_bfqq  Our test report a UAF:  [ 2073.019181] ================================================================== [ 2073.019188] BUG: KASAN: use-after-free in __bfq_put_async_bfqq+0xa0/0x168 [ 2073.019191] Write of size 8 at addr ffff8000ccf64128 by task rmmod/72584 [ 2073.019192] [ 2073.019196] CPU: 0 PID: 72584 Comm: rmmod Kdump: loaded Not tainted 4.19.90-yk #5 [ 2073.019198] Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015 [ 2073.019200] Call trace: [ 2073.019203]  dump_backtrace+0x0/0x310 [ 2073.019206]  show_stack+0x28/0x38 [ 2073.019210]  dump_stack+0xec/0x15c [ 2073.019216]  print_address_description+0x68/0x2d0 [ 2073.019220]  kasan_report+0x238/0x2f0 [ 2073.019224]  __asan_store8+0x88/0xb0 [ 2073.019229]  __bfq_put_async_bfqq+0xa0/0x168 [ 2073.019233]  bfq_put_async_queues+0xbc/0x208 [ 2073.019236]  bfq_pd_offline+0x178/0x238 [ 2073.019240]  blkcg_deactivate_policy+0x1f0/0x420 [ 2073.019244]  bfq_exit_queue+0x128/0x178 [ 2073.019249]  blk_mq_exit_sched+0x12c/0x160 [ 2073.019252]  elevator_exit+0xc8/0xd0 [ 2073.019256]  blk_exit_queue+0x50/0x88 [ 2073.019259]  blk_cleanup_queue+0x228/0x3d8 [ 2073.019267]  null_del_dev+0xfc/0x1e0 [null_blk] [ 2073.019274]  null_exit+0x90/0x114 [null_blk] [ 2073.019278]  __arm64_sys_delete_module+0x358/0x5a0 [ 2073.019282]  el0_svc_common+0xc8/0x320 [ 2073.019287]  el0_svc_handler+0xf8/0x160 [ 2073.019290]  el0_svc+0x10/0x218 [ 2073.019291] [ 2073.019294] Allocated by task 14163: [ 2073.019301]  kasan_kmalloc+0xe0/0x190 [ 2073.019305]  kmem_cache_alloc_node_trace+0x1cc/0x418 [ 2073.019308]  bfq_pd_alloc+0x54/0x118 [ 2073.019313]  blkcg_activate_policy+0x250/0x460 [ 2073.019317]  bfq_create_group_hierarchy+0x38/0x110 [ 2073.019321]  bfq_init_queue+0x6d0/0x948 [ 2073.019325]  blk_mq_init_sched+0x1d8/0x390 [ 2073.019330]  elevator_switch_mq+0x88/0x170 [ 2073.019334]  elevator_switch+0x140/0x270 [ 2073.019338]  elv_iosched_store+0x1a4/0x2a0 [ 2073.019342]  queue_attr_store+0x90/0xe0 [ 2073.019348]  sysfs_kf_write+0xa8/0xe8 [ 2073.019351]  kernfs_fop_write+0x1f8/0x378 [ 2073.019359]  __vfs_write+0xe0/0x360 [ 2073.019363]  vfs_write+0xf0/0x270 [ 2073.019367]  ksys_write+0xdc/0x1b8 [ 2073.019371]  __arm64_sys_write+0x50/0x60 [ 2073.019375]  el0_svc_common+0xc8/0x320 [ 2073.019380]  el0_svc_handler+0xf8/0x160 [ 2073.019383]  el0_svc+0x10/0x218 [ 2073.019385] [ 2073.019387] Freed by task 72584: [ 2073.019391]  __kasan_slab_free+0x120/0x228 [ 2073.019394]  kasan_slab_free+0x10/0x18 [ 2073.019397]  kfree+0x94/0x368 [ 2073.019400]  bfqg_put+0x64/0xb0 [ 2073.019404]  bfqg_and_blkg_put+0x90/0xb0 [ 2073.019408]  bfq_put_queue+0x220/0x228 [ 2073.019413]  __bfq_put_async_bfqq+0x98/0x168 [ 2073.019416]  bfq_put_async_queues+0xbc/0x208 [ 2073.019420]  bfq_pd_offline+0x178/0x238 [ 2073.019424]  blkcg_deactivate_policy+0x1f0/0x420 [ 2073.019429]  bfq_exit_queue+0x128/0x178 [ 2073.019433]  blk_mq_exit_sched+0x12c/0x160 [ 2073.019437]  elevator_exit+0xc8/0xd0 [ 2073.019440]  blk_exit_queue+0x50/0x88 [ 2073.019443]  blk_cleanup_queue+0x228/0x3d8 [ 2073.019451]  null_del_dev+0xfc/0x1e0 [null_blk] [ 2073.019459]  null_exit+0x90/0x114 [null_blk] [ 2073.019462]  __arm64_sys_delete_module+0x358/0x5a0 [ 2073.019467]  el0_svc_common+0xc8/0x320 [ 2073.019471]  el0_svc_handler+0xf8/0x160 [ 2073.019474]  el0_svc+0x10/0x218 [ 2073.019475] [ 2073.019479] The buggy address belongs to the object at ffff8000ccf63f00  which belongs to the cache kmalloc-1024 of size 1024 [ 2073.019484] The buggy address is located 552 bytes inside of  1024-byte region [ffff8000ccf63f00, ffff8000ccf64300) [ 2073.019486] The buggy address belongs to the page: [ 2073.019492] page:ffff7e000333d800 count:1 mapcount:0 mapping:ffff8000c0003a00 index:0x0 compound_mapcount: 0 [ 2073.020123] flags: 0x7ffff0000008100(slab|head) [ 2073.020403] raw: 07ffff0000008100 ffff7e0003334c08 ffff7e00001f5a08 ffff8000c0003a00 [ 2073.020409] ra ---truncated---",null,[],[],[],[14],{"_key":15},"CVE-2022-49179",[],[],[],"2025-02-26T07:00:55.037Z","2026-04-28T20:25:05.080789Z",{"cisa_kev":22,"cisa_ransomware":22,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[24],{"url":25,"sources":26,"tags":28},"https://security-tracker.debian.org/tracker/CVE-2022-49179",[27],"osv_debian",[29],"Advisory",[],[],[33],{"source":27,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":34,"cvss_v4_0":9},{"baseScore":35,"baseSeverity":9,"vectorString":36,"impactScore":37,"exploitabilityScore":38},7.8,"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",9.8,4.6,[40],{"ecosystem":41,"name":42,"vendor":43,"product":42,"cpe_part":9,"purl_type":44,"purl_namespace":43,"purl_name":42,"source":9,"versions":45},"Debian","linux","debian","deb",[46,52,55,56],{"version":47,"is_range":48,"range_type":49,"version_start":9,"version_start_type":9,"version_end":50,"version_end_type":51,"fixed_in":9},"lt5_10_113_1",true,"ecosystem","5.10.113-1","excluding",{"version":53,"is_range":48,"range_type":49,"version_start":9,"version_start_type":9,"version_end":54,"version_end_type":51,"fixed_in":9},"lt5_17_3_1","5.17.3-1",{"version":53,"is_range":48,"range_type":49,"version_start":9,"version_start_type":9,"version_end":54,"version_end_type":51,"fixed_in":9},{"version":53,"is_range":48,"range_type":49,"version_start":9,"version_start_type":9,"version_end":54,"version_end_type":51,"fixed_in":9}]