PT-2024-11861 · Linux · Linux Kernel

Published 2022-11-24 · Updated 2026-04-20 · CVE-2022-48998

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.1.0-rc4+

Description

The issue is related to a problem encountered with tests added by a specific commit, which causes an attempt to write above the stack. This happens because a tail call is made to a BPF program with a different stack depth, resulting in an erroneous increase of a register value. The problem was resolved by using a register to carry the tail call count during the tail call and saving it onto the stack at function entry if required.

Recommendations

For Linux kernel versions prior to 6.1.0-rc4+, update to a newer version that includes the fix for this issue. As a temporary workaround, consider disabling the test bpf module until a patch is available. Restrict access to the vulnerable powerpc/bpf/32 module to minimize the risk of exploitation. Avoid using the tail call feature in the affected API endpoints until the issue is resolved.

Exploit

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2025-07470
CVE-2022-48998

Affected Products

Linux Kernel