nluedtke / linux_kernel_cves

Tracking CVEs for the linux Kernel
Apache License 2.0
739 stars 71 forks source link

[DATA] CVE-2022-20158 #380

Open ML2ViS opened 8 months ago

ML2ViS commented 8 months ago

Change Type Requested Update

CVE id number CVE-2022-20158

References Links providing information on the CVE.

Additional context CVE-2022-20158: mm: backing-dev: Take a reference to the bdi in use to prevent UAF

AOSP kernel 4.14 contains following 2 patches.

The first commit 69e8f03("mm: backing-dev: Take a reference to the bdi in use to prevent UAF") is not merged in the mainline and stable kernels. Commit 80d91b8 was merged in 5.16-rc1(commit hash is 0b3ea0926afb8dde70cfab00316ae0a70b93a7cc) which requires commit c6fd3ac ("mm: export bdi_unregister") that exports symbol of bdi_unregister().

Fixed status mainline: [0b3ea0926afb8dde70cfab00316ae0a70b93a7cc]