PT-2025-26145 · Linux+3 · Linux Kernel+3
Published: 2020-11-04 · Updated: 2025-06-18
CVE-2022-50219
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A use-after-free bug was found in the compute_effective_progs() function. The issue occurs when fault injection causes an allocation failure while bpf_link_detach() is being called on a number of BPF links. The detach triggers the link to be freed, but the memory allocation failure causes the pointer to the bpf_cgroup_link to be restored and then freed, so prog_list_length() dereferences an already deallocated pointer. This bug was discovered by Syzbot.
Recommendations
To fix this issue, do not preserve the pointer to the prog or link in the list, but remove it and replace it with a dummy prog without shrinking the table. The subsequent call to cgroup_bpf_detach() will correct it.
Exploit
Fix
Use After Free
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Centos
Linux Kernel
Red Hat