CVE-2022-49840

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A problem of alignment in the bpf prog test run skb() function has been resolved. The issue occurred when the size of the user bpf program was an odd number, causing unaligned access to the struct skb shared info. This led to a use-after-free read error. The error was detected by syzkaller due to an aarch64 alignment fault when KFENCE was enabled.

Recommendations To resolve the issue, adjust the @size so that (@size + @hearoom) is a multiple of SMP CACHE BYTES, ensuring the struct skb shared info is aligned to a cache line. At the moment, there is no information about a newer version that contains a fix for this vulnerability.