PT-2025-25995 · Linux+3 · Linux Kernel+3
Published: 2022-07-29 · Updated: 2025-06-18 · CVE-2022-50069
CVSS v2.0: 6.0 (Medium)
Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 5.19.0-rc7
Description
A potential bad pointer dereference issue exists in the bpf_sys_bpf() helper function, which allows an eBPF program to load another eBPF program from within the kernel. The issue arises when the argument union bpf_attr pointer is a kernel address instead of a userspace address. This can lead to problems when an eBPF syscall program tries to call bpf_sys_bpf() to load a program but provides a bad insns pointer. The code is always happy to dereference the bad pointer, triggering a page fault and an oops.
Recommendations
For Linux kernel versions prior to 5.19.0-rc7, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting the use of the bpf_sys_bpf() helper function until a patch is available. Avoid using the insns pointer in the bpf_attr union to minimize the risk of exploitation.
Exploit
Fix
RCE
NULL Pointer Dereference
Related Identifiers
Affected Products
Astra Linux
CentOS
Linux Kernel
Red Hat