SB20251008107 - Improper locking in Linux kernel md driver
Published: October 8, 2025 Updated: October 26, 2025
Security Bulletin ID
SB20251008107
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper locking (CVE-ID: CVE-2022-50549)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __create_persistent_data_objects(), dm_pool_metadata_close() and __set_abort_with_changes_flags() functions in drivers/md/dm-thin-metadata.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/200aa33b5d781e7c0fa6c0c7db9dbcc3f574ce8f
- https://git.kernel.org/stable/c/2d891cc5a1706b6908bceb56af7176a463ee6d62
- https://git.kernel.org/stable/c/7e37578069737b04955c71dd85db8a3bc2709eff
- https://git.kernel.org/stable/c/8111964f1b8524c4bb56b02cd9c7a37725ea21fd
- https://git.kernel.org/stable/c/cdf7a39bcc427febbfe3c3b9fe829825ead96c27
- https://git.kernel.org/stable/c/f8c26c33fef588ee54852cffa7cbb9f9d9869405
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.87