CVE-2022-49796

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.1.0-rc1-00174-g9522dc5c87da-dirty

Description A potential null pointer dereference issue has been identified in the Linux kernel, specifically in the kprobe tracing functionality. This issue arises when the test gen kprobe cmd() function fails after kprobe event gen cmd end(), leading to the execution of the "delete" command, which calls kprobe event delete() and releases the corresponding resource. However, the trace array in gen kretprobe test will point to the invalid resource, causing a null pointer dereference. To prevent this, gen kretprobe test should be set to NULL after calling kprobe event delete(). The issue is related to the ftrace set clr event nolock() function and can cause a kernel crash.

Recommendations To resolve this issue, update the Linux kernel to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.