CVE-2022-49873

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue concerns a problem in the Linux kernel's bpf (Berkeley Packet Filter) where a wrong type conversion in the release reference() function can lead to potential memory leaks. Helper functions may allocate memory, and to prevent leaks, the eBPF program must release this memory by calling corresponding helper functions. When a resource is released, all relevant pointer registers should be invalidated to prevent potential exploitation. The verifier uses release references() to apply mark reg unknown() to each relevant register, marking them as SCALAR VALUE. However, a register with a SCALAR VALUE type that contains a pointer value at runtime could allow an unprivileged user to obtain a kernel pointer by storing the register in a map. Using mark reg not init() while not allowing pointer leaks can mitigate this problem.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.