{"id":"CVE-2022-50530","summary":"blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nblk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping()\n\nOur syzkaller report a null pointer dereference, root cause is\nfollowing:\n\n__blk_mq_alloc_map_and_rqs\n set-\u003etags[hctx_idx] = blk_mq_alloc_map_and_rqs\n  blk_mq_alloc_map_and_rqs\n   blk_mq_alloc_rqs\n    // failed due to oom\n    alloc_pages_node\n    // set-\u003etags[hctx_idx] is still NULL\n    blk_mq_free_rqs\n     drv_tags = set-\u003etags[hctx_idx];\n     // null pointer dereference is triggered\n     blk_mq_clear_rq_mapping(drv_tags, ...)\n\nThis is because commit 63064be150e4 (\"blk-mq:\nAdd blk_mq_alloc_map_and_rqs()\") merged the two steps:\n\n1) set-\u003etags[hctx_idx] = blk_mq_alloc_rq_map()\n2) blk_mq_alloc_rqs(..., set-\u003etags[hctx_idx])\n\ninto one step:\n\nset-\u003etags[hctx_idx] = blk_mq_alloc_map_and_rqs()\n\nSince tags is not initialized yet in this case, fix the problem by\nchecking if tags is NULL pointer in blk_mq_clear_rq_mapping().","modified":"2026-03-20T12:12:09.433110Z","published":"2025-10-07T15:19:21.259Z","related":["SUSE-SU-2025:4111-1","SUSE-SU-2025:4139-1","SUSE-SU-2025:4149-1","SUSE-SU-2025:4320-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50530.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/6a440e6d04431e774dc084abe88c106e2a474c1a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/76dd298094f484c6250ebd076fa53287477b2328"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50530.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-50530"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"63064be150e4b1ba1e4af594ef5aa81adf21a52d"},{"fixed":"6a440e6d04431e774dc084abe88c106e2a474c1a"},{"fixed":"76dd298094f484c6250ebd076fa53287477b2328"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50530.json"}}],"schema_version":"1.7.5"}