CVE-2022-49873

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix wrong reg type conversion in release_reference() Some helper functions will allocate memory. To avoid memory leaks, the verifier requires the eBPF program to release these memories by calling the corresponding helper functions. When a resource is released, all pointer registers corresponding to the resource should be invalidated. The verifier use release_references() to do this job, by apply __mark_reg_unknown() to each relevant register. It will give these registers the type of SCALAR_VALUE. A register that will contain a pointer value at runtime, but of type SCALAR_VALUE, which may allow the unprivileged user to get a kernel pointer by storing this register into a map. Using __mark_reg_not_init() while NOT allow_ptr_leaks can mitigate this problem.

Reserved 2025-05-01 | Published 2025-05-01 | Updated 2025-05-04 | Assigner Linux

Product status

Default status
unaffected

fd978bf7fd312581a7ca454a991f0ffb34c4204b before cedd4f01f67be94735f15123158f485028571037
affected

fd978bf7fd312581a7ca454a991f0ffb34c4204b before 466ce46f251dfb259a8cbaa895ab9edd6fb56240
affected

fd978bf7fd312581a7ca454a991f0ffb34c4204b before ae5ccad6c711db0f2ca1231be051935dd128b8f5
affected

fd978bf7fd312581a7ca454a991f0ffb34c4204b before f1db20814af532f85e091231223e5e4818e8464b
affected

Default status
affected

4.20
affected

Any version before 4.20
unaffected

5.10.155
unaffected

5.15.79
unaffected

6.0.9
unaffected

6.1
unaffected

References

git.kernel.org/...c/cedd4f01f67be94735f15123158f485028571037

git.kernel.org/...c/466ce46f251dfb259a8cbaa895ab9edd6fb56240

git.kernel.org/...c/ae5ccad6c711db0f2ca1231be051935dd128b8f5

git.kernel.org/...c/f1db20814af532f85e091231223e5e4818e8464b

cve.org (CVE-2022-49873)

nvd.nist.gov (CVE-2022-49873)

Download JSON