CVE-2022-48848

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.17.0-rc6-next-20220307-nico+ #19

Description The issue is related to the tracing/osnoise component of the Linux kernel, where an attempt to unregister an unregistered tracepoint results in a kernel warning. This occurs when using the trace-cmd record command with specific options, which first stops tracing and then switches the tracer to nop. The osnoise tracer stops the workload when no trace instance is collecting data, and this can be caused by either disabling tracing or disabling the tracer itself. To avoid unregistering events twice, the existing trace osnoise callback enabled variable can be used to check if events and the workload are active before deactivating them.

Recommendations To resolve the issue, use the existing trace osnoise callback enabled variable to check if events and the workload are active before trying to deactivate them. As a temporary workaround, consider disabling the osnoise workload stop function until a patch is available. Restrict access to the vulnerable tracing set tracer function to minimize the risk of exploitation. Avoid using the tracepoint probe unregister function in the affected API endpoint until the issue is resolved.