CVE-2022-50580
Description
In the Linux kernel, the following vulnerability has been resolved:
blk-throttle: prevent overflow while calculating wait time
There is a problem found by code review in tg_with_in_bps_limit() that 'bps_limit * jiffy_elapsed_rnd' might overflow. Fix the problem by calling mul_u64_u64_div_u64() instead.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Integer overflow in Linux kernel's blk-throttle wait-time calculation could allow bypassing I/O bandwidth limits; fixed by using mul_u64_u64_div_u64.
A potential integer overflow vulnerability was discovered during a code review in the Linux kernel's block layer throttling implementation. Specifically, in the function tg_with_in_bps_limit(), the multiplication bps_limit * jiffy_elapsed_rnd could overflow, leading to an incorrect wait time calculation. This issue is fixed by replacing the direct multiplication with the safer helper mul_u64_u64_div_u64(), which handles large values without overflow.
The overflow occurs when the product of the byte-per-second limit and the elapsed time in jiffies exceeds the maximum value representable by a 64-bit integer. Since both values can be large under high I/O loads or long observation windows, the resulting overflow could cause the computed wait time to be smaller than intended, potentially allowing a process to exceed its configured bandwidth throttle.
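A user-space model of the overflowing computation beside its mul_u64_u64_div_u64()-style replacement, added here as an example and not taken from the kernel's own source. It assumes HZ=1000, a 64-bit GCC/Clang target (for unsigned __int128), and constructed extreme inputs chosen so that bps_limit * jiffy_elapsed_rnd exceeds 2^64.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t u64;
#define HZ 1000ULL /* assumption: CONFIG_HZ=1000 */

/* Local stand-in for the kernel's mul_u64_u64_div_u64(): a * b / c with
 * the product held in 128 bits, so it cannot wrap before the division. */
static u64 mul_u64_u64_div_u64(u64 a, u64 b, u64 c)
{
    unsigned __int128 prod = (unsigned __int128)a * b;
    return (u64)(prod / c);
}
/* True when a * b does not fit in 64 bits (the condition the fix removes). */
static bool product_overflows(u64 a, u64 b)
{
    return a != 0 && b > UINT64_MAX / a;
}
/* Pre-fix shape of the bytes_allowed computation: the 64-bit product
 * silently wraps modulo 2^64 before HZ is divided out. */
static u64 bytes_allowed_before_fix(u64 bps_limit, u64 jiffy_elapsed_rnd)
{
    u64 tmp = bps_limit * jiffy_elapsed_rnd;
    return tmp / HZ;
}
/* Post-fix shape: same formula, product formed in 128 bits. */
static u64 bytes_allowed_fixed(u64 bps_limit, u64 jiffy_elapsed_rnd)
{
    return mul_u64_u64_div_u64(bps_limit, jiffy_elapsed_rnd, HZ);
}
/* Throttle decision: the bio may dispatch if the slice budget covers it. */
static bool may_dispatch(u64 bytes_allowed, u64 bytes_disp, u64 bio_size)
{
    return bytes_disp + bio_size <= bytes_allowed;
}

int main(void)
{
    /* Constructed inputs: ~1 TiB/s limit, 2^24 jiffies since slice start. */
    u64 bps = (1ULL << 40) + 1, jiffies_rnd = 1ULL << 24;
    u64 wrapped = bytes_allowed_before_fix(bps, jiffies_rnd);
    u64 exact = bytes_allowed_fixed(bps, jiffies_rnd);
    printf("overflow=%d wrapped=%llu exact=%llu 1MiB bio: before=%d fixed=%d\n",
           product_overflows(bps, jiffies_rnd), (unsigned long long)wrapped,
           (unsigned long long)exact, may_dispatch(wrapped, 0, 1ULL << 20),
           may_dispatch(exact, 0, 1ULL << 20));
    return 0;
}
```

With these inputs the wrapped product leaves only 16777 bytes of budget where the exact value is about 1.8e16, so the pre-fix code reaches a different throttle decision for the same 1 MiB bio.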
An attacker with the ability to generate significant I/O activity and influence the timing of throttle calculations could exploit this to bypass I/O bandwidth limits. However, the issue was identified through static analysis, and there is no evidence of active exploitation in the wild. The vulnerability is present in kernel versions prior to the inclusion of the fix commits.
The fix has been applied to the Linux kernel stable tree via commits [1] and [2]. Users are advised to update to the latest stable kernel versions that contain these patches. No workarounds are known, as the issue is resolved by the code change.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
Patches
- 19c010ae44f0
- 70b2adb1d698
- cc6f0855bf8d
- ca67b0563b39
- 8d6bbaada2e0
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- git.kernel.org/stable/c/19c010ae44f0ce52b5436080492a61a092ee0cf4 (nvd)
- git.kernel.org/stable/c/70b2adb1d698fbc63d3b3848c452524dc15872c5 (nvd)
- git.kernel.org/stable/c/8d6bbaada2e0a65f9012ac4c2506460160e7237a (nvd)
- git.kernel.org/stable/c/ca67b0563b39e79290c23e509319c178b9ca9104 (nvd)
- git.kernel.org/stable/c/cc6f0855bf8d9b729df28ff443ced7350c380dbd (nvd)
News mentions
No linked articles in our index yet.