CVE-2022-49402

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A general protection fault can occur in the Linux kernel due to a failure in the register ftrace direct function. This issue arises when the ftrace find rec direct function is called, leading to a non-canonical address access. The problem is triggered by loading a livepatch that patches a kernel function and then running a bpftrace command that fails, causing a general protection fault on subsequent attempts. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations To resolve this issue, update the Linux kernel to a version that includes the fix for the register ftrace direct failure. As a temporary workaround, consider disabling the bpftrace functionality until a patch is available. Additionally, restrict access to the ftrace module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.