CVE-2022-48846: 
Linux Kernel vulnerability analysis and mitigation

In the Linux kernel, a vulnerability (CVE-2022-48846) was discovered related to the block subsystem where rq qos structures were not properly released for queues without disk. This issue was identified and resolved in 2022, affecting the block subsystem's memory management (Kernel Git).

The vulnerability arose when blkcginitqueue() added rq qos structures to request queues. Previously, blkcleanupqueue() would call rqqosexit() to release these structures. However, commit 8e141f9eb803 moved rqqosexit() into delgendisk(), causing memory leaks for queues without disks, such as un-present scsi luns and nvme admin queues. The issue was fixed by adding rqqosexit() back to blkcleanup_queue() (Kernel Git).

The vulnerability resulted in memory leaks in the Linux kernel's block subsystem, specifically affecting queues without disks. This could lead to gradual system memory depletion over time (Kernel Git).

The issue was fixed by reintroducing rqqosexit() in blkcleanupqueue(). The fix was implemented in the kernel, and version 5.18 and later versions have a different implementation where blkcginitqueue()/blkcgexitqueue() are moved into disk allocation/release handler, making this specific fix unnecessary (Kernel Git).