{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-03T14:39:40.031","vulnerabilities":[{"cve":{"id":"CVE-2022-49297","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-02-26T07:01:06.527","lastModified":"2025-10-21T11:45:48.950","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: fix io hung while disconnecting device\n\nIn our tests, \"qemu-nbd\" triggers a io hung:\n\nINFO: task qemu-nbd:11445 blocked for more than 368 seconds.\n      Not tainted 5.18.0-rc3-next-20220422-00003-g2176915513ca #884\n\"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:qemu-nbd        state:D stack:    0 pid:11445 ppid:     1 flags:0x00000000\nCall Trace:\n <TASK>\n __schedule+0x480/0x1050\n ? _raw_spin_lock_irqsave+0x3e/0xb0\n schedule+0x9c/0x1b0\n blk_mq_freeze_queue_wait+0x9d/0xf0\n ? ipi_rseq+0x70/0x70\n blk_mq_freeze_queue+0x2b/0x40\n nbd_add_socket+0x6b/0x270 [nbd]\n nbd_ioctl+0x383/0x510 [nbd]\n blkdev_ioctl+0x18e/0x3e0\n __x64_sys_ioctl+0xac/0x120\n do_syscall_64+0x35/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7fd8ff706577\nRSP: 002b:00007fd8fcdfebf8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 0000000040000000 RCX: 00007fd8ff706577\nRDX: 000000000000000d RSI: 000000000000ab00 RDI: 000000000000000f\nRBP: 000000000000000f R08: 000000000000fbe8 R09: 000055fe497c62b0\nR10: 00000002aff20000 R11: 0000000000000246 R12: 000000000000006d\nR13: 0000000000000000 R14: 00007ffe82dc5e70 R15: 00007fd8fcdff9c0\n\n\"qemu-ndb -d\" will call ioctl 'NBD_DISCONNECT' first, however, following\nmessage was found:\n\nblock nbd0: Send disconnect failed -32\n\nWhich indicate that something is wrong with the server. Then,\n\"qemu-nbd -d\" will call ioctl 'NBD_CLEAR_SOCK', however ioctl can't clear\nrequests after commit 2516ab1543fd(\"nbd: only clear the queue on device\nteardown\"). And in the meantime, request can't complete through timeout\nbecause nbd_xmit_timeout() will always return 'BLK_EH_RESET_TIMER', which\nmeans such request will never be completed in this situation.\n\nNow that the flag 'NBD_CMD_INFLIGHT' can make sure requests won't\ncomplete multiple times, switch back to call nbd_clear_sock() in\nnbd_clear_sock_ioctl(), so that inflight requests can be cleared."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nbd: se corrige el bloqueo de E/S al desconectar el dispositivo En nuestras pruebas, \"qemu-nbd\" activa un bloqueo de E/S: INFORMACIÓN: la tarea qemu-nbd:11445 estuvo bloqueada durante más de 368 segundos. No contaminada 5.18.0-rc3-next-20220422-00003-g2176915513ca #884 \"echo 0 &gt; /proc/sys/kernel/hung_task_timeout_secs\" deshabilita este mensaje. tarea:qemu-nbd estado:D pila: 0 pid:11445 ppid: 1 indicadores:0x00000000 Seguimiento de llamadas:   __schedule+0x480/0x1050 ? _raw_spin_lock_irqsave+0x3e/0xb0 schedule+0x9c/0x1b0 blk_mq_freeze_queue_wait+0x9d/0xf0 ? ipi_rseq+0x70/0x70 blk_mq_freeze_queue+0x2b/0x40 nbd_add_socket+0x6b/0x270 [nbd] nbd_ioctl+0x383/0x510 [nbd] blkdev_ioctl+0x18e/0x3e0 __x64_sys_ioctl+0xac/0x120 do_syscall_64+0x35/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd8ff706577 RSP: 002b:00007fd8fcdfebf8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 0000000040000000 RCX: 00007fd8ff706577 RDX: 000000000000000d RSI: 000000000000ab00 RDI: 00000000000000f RBP: 00000000000000f R08: 000000000000fbe8 R09: 000055fe497c62b0 R10: 00000002aff20000 R11: 0000000000000246 R12: 0000000000000006d R13: 00000000000000000 R14: 00007ffe82dc5e70 R15: 00007fd8fcdff9c0 \"qemu-ndb -d\" llamará primero a ioctl 'NBD_DISCONNECT', sin embargo, se encontró el siguiente mensaje: block nbd0: Send desconect failed -32 Lo que indica que algo anda mal con el servidor. Luego, \"qemu-nbd -d\" llamará a ioctl 'NBD_CLEAR_SOCK', sin embargo, ioctl no puede borrar las solicitudes después de el commit 2516ab1543fd(\"nbd: solo limpia la cola al desmantelar el dispositivo\"). Mientras tanto, la solicitud no se puede completar después del tiempo de espera porque nbd_xmit_timeout() siempre devolverá 'BLK_EH_RESET_TIMER', lo que significa que dicha solicitud nunca se completará en esta situación. Ahora que el indicador 'NBD_CMD_INFLIGHT' puede garantizar que las solicitudes no se completen varias veces, vuelva a llamar a nbd_clear_sock() en nbd_clear_sock_ioctl(), de modo que las solicitudes en curso se puedan borrar."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"4.14.283","matchCriteriaId":"42074657-A7B6-4740-88B7-67B440018C1C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"4.19.247","matchCriteriaId":"B8CFA0F4-2D75-41F4-9753-87944A08B53B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"5.4.198","matchCriteriaId":"3EC49633-14DE-4EBD-BB80-76AE2E3EABB9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"5.10.122","matchCriteriaId":"1B42AA01-44D8-4572-95E6-FF8E374CF9C5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.47","matchCriteriaId":"FC042EE3-4864-4325-BE0B-4BCDBF11AA61"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"5.17.15","matchCriteriaId":"53E7AA2E-2FB4-45CA-A22B-08B4EDBB51AD"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.18","versionEndExcluding":"5.18.4","matchCriteriaId":"FA6D643C-6D6A-4821-8A8D-B5776B8F0103"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/09dadb5985023e27d4740ebd17e6fea4640110e5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/141318e62db87105b0103fccc59c9c5940da248d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/54b06dc2a206b4d67349bb56b92d4bd32700b7b1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/62d227f67a8c25d5e16f40e5290607f9306d2188","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/67e403136a0e1a55fef6a05f103a3979a39ad3fd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/69893d6d7f5c10d8306c1b5fc64b71efc91aa6cd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c4ba982bd5084fa659ef518aaf159e4dab02ecda","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f72df77600a43e59b3189e53b47f8685739867d3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}