CVE-2022-49006

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue arises when a dynamic event, such as a kprobe event, is traced and then removed, allowing its type number to be reused by a newly created dynamic event. This can lead to the new event's logic being used to parse the binary blob, potentially causing problems. The issue can be demonstrated by creating and removing 65536 dynamic events, which can cause the kernel to crash. Technical details include the use of the kprobe events file to create and remove events, and the do sys openat2 function call being traced. The arg1 variable is used to store the first parameter of the function call, and the +0($arg2):string syntax is used to read a string from the arg2 variable.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.