PT-2025-8275 · Linux+2 · Linux Kernel+2

Syzbot · Published 2022-06-07 · Updated 2025-04-14 · CVE-2022-49341

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to the version containing the fix for the issue described

Description

A vulnerability has been identified in the Linux kernel related to the bpf arm64 component. The issue arises when the bpf_prog_get_info_by_fd() function attempts to copy the JIT image to user space, relying on prog->jited_len to determine the size of the copy. It is theorized that this vulnerability could be triggered if prog->jited_len is set to a specific value, such as 43, while prog->bpf_func is cleared. This could potentially lead to a kernel memory exposure attempt, as detected by the usercopy mechanism. The vulnerability was discovered through an illegal copy_to_user() attempt reported by syzbot.
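
The state described above, as an added example that is not part of the original advisory and is not kernel code: a user-space C model in which the length field outlives the image pointer, next to a failure path that resets both. struct prog_model and every function name here are hypothetical, and the 43-byte image is constructed sample data.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* User-space stand-in for the two fields the description names. */
struct prog_model {
    const void  *bpf_func;   /* JIT image; NULL when there is none */
    unsigned int jited_len;  /* image size the info query trusts */
};

/* Failure path producing the reported state: pointer cleared, length stale. */
void jit_fail_stale_len(struct prog_model *p)
{
    p->bpf_func = NULL;
}

/* Failure path that resets the length together with the pointer. */
void jit_fail_consistent(struct prog_model *p)
{
    p->bpf_func = NULL;
    p->jited_len = 0;
}

/* Model of the info query. Returns bytes copied, 0 when there is no image,
 * or -1 when jited_len claims bytes that bpf_func cannot back. */
int copy_jit_image(const struct prog_model *p, void *dst, size_t cap)
{
    size_t n = p->jited_len;
    if (n == 0)
        return 0;
    if (p->bpf_func == NULL)
        return -1;
    if (n > cap)
        n = cap;
    memcpy(dst, p->bpf_func, n);
    return (int)n;
}

/* Build a constructed 43-byte image, optionally run a failure path, query it. */
int query_after(void (*fail)(struct prog_model *))
{
    static const unsigned char image[43] = {0};
    unsigned char out[64];
    struct prog_model p = { image, sizeof(image) };
    if (fail)
        fail(&p);
    return copy_jit_image(&p, out, sizeof(out));
}

int main(void)
{
    return printf("%d %d %d\n", query_after(NULL),
                  query_after(jit_fail_stale_len),
                  query_after(jit_fail_consistent)) < 0;
}
```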

Recommendations

As a temporary workaround, consider disabling the bpf_prog_get_info_by_fd() function until a patch is available. Restrict access to the bpf arm64 component to minimize the risk of exploitation. Avoid using the copy_to_user() function in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2026-03674
CVE-2022-49341
OESA-2025-1282
SUSE-SU-2025:1027-1
SUSE-SU-2025:1176-1
SUSE-SU-2025:1183-1
SUSE-SU-2025:1241-1
SUSE-SU-2025_1027-1
SUSE-SU-2025_1241-1

Affected Products

Astra Linux
Linux Kernel
Suse