CVE-2022-49796
Vulnerability from cvelistv5
Published: 2025-05-01 14:09
Modified: 2025-05-01 14:09
Severity ?
EPSS score ?
Summary
tracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit()
References
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "kernel/trace/kprobe_event_gen_test.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "28a54854a95923b6266a9479ad660ca2cc0e1d5f", "status": "affected", "version": "64836248dda20c8e7427b493f7e06d9bf8f58850", "versionType": "git" }, { "lessThan": "e57daa750369fedbf678346aec724a43b9a51749", "status": "affected", "version": "64836248dda20c8e7427b493f7e06d9bf8f58850", "versionType": "git" }, { "lessThan": "510c12f93674ea0a1423b24f36c67357168a262a", "status": "affected", "version": "64836248dda20c8e7427b493f7e06d9bf8f58850", "versionType": "git" }, { "lessThan": "22ea4ca9631eb137e64e5ab899e9c89cb6670959", "status": "affected", "version": "64836248dda20c8e7427b493f7e06d9bf8f58850", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "kernel/trace/kprobe_event_gen_test.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.6" }, { "lessThan": "5.6", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.156", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.80", "versionType": "semver" }, { "lessThanOrEqual": "6.0.*", "status": "unaffected", "version": "6.0.10", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.1", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit()\n\nWhen test_gen_kprobe_cmd() failed after kprobe_event_gen_cmd_end(), it\nwill goto delete, which will 
call kprobe_event_delete() and release the\ncorresponding resource. However, the trace_array in gen_kretprobe_test\nwill point to the invalid resource. Set gen_kretprobe_test to NULL\nafter called kprobe_event_delete() to prevent null-ptr-deref.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000070\nPGD 0 P4D 0\nOops: 0000 [#1] SMP PTI\nCPU: 0 PID: 246 Comm: modprobe Tainted: G W\n6.1.0-rc1-00174-g9522dc5c87da-dirty #248\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\nrel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014\nRIP: 0010:__ftrace_set_clr_event_nolock+0x53/0x1b0\nCode: e8 82 26 fc ff 49 8b 1e c7 44 24 0c ea ff ff ff 49 39 de 0f 84 3c\n01 00 00 c7 44 24 18 00 00 00 00 e8 61 26 fc ff 48 8b 6b 10 \u003c44\u003e 8b 65\n70 4c 8b 6d 18 41 f7 c4 00 02 00 00 75 2f\nRSP: 0018:ffffc9000159fe00 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: ffff88810971d268 RCX: 0000000000000000\nRDX: ffff8881080be600 RSI: ffffffff811b48ff RDI: ffff88810971d058\nRBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001\nR10: ffffc9000159fe58 R11: 0000000000000001 R12: ffffffffa0001064\nR13: ffffffffa000106c R14: ffff88810971d238 R15: 0000000000000000\nFS: 00007f89eeff6540(0000) GS:ffff88813b600000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000070 CR3: 000000010599e004 CR4: 0000000000330ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n __ftrace_set_clr_event+0x3e/0x60\n trace_array_set_clr_event+0x35/0x50\n ? 0xffffffffa0000000\n kprobe_event_gen_test_exit+0xcd/0x10b [kprobe_event_gen_test]\n __x64_sys_delete_module+0x206/0x380\n ? lockdep_hardirqs_on_prepare+0xd8/0x190\n ? 
syscall_enter_from_user_mode+0x1c/0x50\n do_syscall_64+0x3f/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7f89eeb061b7" } ], "providerMetadata": { "dateUpdated": "2025-05-01T14:09:26.392Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/28a54854a95923b6266a9479ad660ca2cc0e1d5f" }, { "url": "https://git.kernel.org/stable/c/e57daa750369fedbf678346aec724a43b9a51749" }, { "url": "https://git.kernel.org/stable/c/510c12f93674ea0a1423b24f36c67357168a262a" }, { "url": "https://git.kernel.org/stable/c/22ea4ca9631eb137e64e5ab899e9c89cb6670959" } ], "title": "tracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit()", "x_generator": { "engine": "bippy-1.1.0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2022-49796", "datePublished": "2025-05-01T14:09:26.392Z", "dateReserved": "2025-05-01T14:05:17.224Z", "dateUpdated": "2025-05-01T14:09:26.392Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2022-49796\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-05-01T15:16:02.887\",\"lastModified\":\"2025-05-01T15:16:02.887\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ntracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit()\\n\\nWhen test_gen_kprobe_cmd() failed after kprobe_event_gen_cmd_end(), it\\nwill goto delete, which will call kprobe_event_delete() and release the\\ncorresponding resource. However, the trace_array in gen_kretprobe_test\\nwill point to the invalid resource. 
Set gen_kretprobe_test to NULL\\nafter called kprobe_event_delete() to prevent null-ptr-deref.\\n\\nBUG: kernel NULL pointer dereference, address: 0000000000000070\\nPGD 0 P4D 0\\nOops: 0000 [#1] SMP PTI\\nCPU: 0 PID: 246 Comm: modprobe Tainted: G W\\n6.1.0-rc1-00174-g9522dc5c87da-dirty #248\\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\\nrel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014\\nRIP: 0010:__ftrace_set_clr_event_nolock+0x53/0x1b0\\nCode: e8 82 26 fc ff 49 8b 1e c7 44 24 0c ea ff ff ff 49 39 de 0f 84 3c\\n01 00 00 c7 44 24 18 00 00 00 00 e8 61 26 fc ff 48 8b 6b 10 \u003c44\u003e 8b 65\\n70 4c 8b 6d 18 41 f7 c4 00 02 00 00 75 2f\\nRSP: 0018:ffffc9000159fe00 EFLAGS: 00010293\\nRAX: 0000000000000000 RBX: ffff88810971d268 RCX: 0000000000000000\\nRDX: ffff8881080be600 RSI: ffffffff811b48ff RDI: ffff88810971d058\\nRBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001\\nR10: ffffc9000159fe58 R11: 0000000000000001 R12: ffffffffa0001064\\nR13: ffffffffa000106c R14: ffff88810971d238 R15: 0000000000000000\\nFS: 00007f89eeff6540(0000) GS:ffff88813b600000(0000)\\nknlGS:0000000000000000\\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\\nCR2: 0000000000000070 CR3: 000000010599e004 CR4: 0000000000330ef0\\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\\nCall Trace:\\n \u003cTASK\u003e\\n __ftrace_set_clr_event+0x3e/0x60\\n trace_array_set_clr_event+0x35/0x50\\n ? 0xffffffffa0000000\\n kprobe_event_gen_test_exit+0xcd/0x10b [kprobe_event_gen_test]\\n __x64_sys_delete_module+0x206/0x380\\n ? lockdep_hardirqs_on_prepare+0xd8/0x190\\n ? 
syscall_enter_from_user_mode+0x1c/0x50\\n do_syscall_64+0x3f/0x90\\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\\nRIP: 0033:0x7f89eeb061b7\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/22ea4ca9631eb137e64e5ab899e9c89cb6670959\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/28a54854a95923b6266a9479ad660ca2cc0e1d5f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/510c12f93674ea0a1423b24f36c67357168a262a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/e57daa750369fedbf678346aec724a43b9a51749\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}" } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.