CVE-2022-49799
Vulnerability from cvelistv5
Published: 2025-05-01 14:09
Modified: 2025-05-01 14:09
Summary
tracing: Fix wild-memory-access in register_synth_event()
References
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "kernel/trace/trace_events_synth.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "315b149f08229a233d47532eb5da1707b28f764c", "status": "affected", "version": "4b147936fa509650beaf638b331573c23ba4d609", "versionType": "git" }, { "lessThan": "6517b97134f724d12f673f9fb4f456d75c7a905f", "status": "affected", "version": "4b147936fa509650beaf638b331573c23ba4d609", "versionType": "git" }, { "lessThan": "a5bfa53e5036b3e7a80be902dd3719a930accabd", "status": "affected", "version": "4b147936fa509650beaf638b331573c23ba4d609", "versionType": "git" }, { "lessThan": "1b5f1c34d3f5a664a57a5a7557a50e4e3cc2505c", "status": "affected", "version": "4b147936fa509650beaf638b331573c23ba4d609", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "kernel/trace/trace_events_synth.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "4.17" }, { "lessThan": "4.17", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.156", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.80", "versionType": "semver" }, { "lessThanOrEqual": "6.0.*", "status": "unaffected", "version": "6.0.10", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.1", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix wild-memory-access in register_synth_event()\n\nIn register_synth_event(), if set_synth_event_print_fmt() failed, then\nboth trace_remove_event_call() and unregister_trace_event() will 
be\ncalled, which means the trace_event_call will call\n__unregister_trace_event() twice. As the result, the second unregister\nwill causes the wild-memory-access.\n\nregister_synth_event\n set_synth_event_print_fmt failed\n trace_remove_event_call\n event_remove\n if call-\u003eevent.funcs then\n __unregister_trace_event (first call)\n unregister_trace_event\n __unregister_trace_event (second call)\n\nFix the bug by avoiding to call the second __unregister_trace_event() by\nchecking if the first one is called.\n\ngeneral protection fault, probably for non-canonical address\n\t0xfbd59c0000000024: 0000 [#1] SMP KASAN PTI\nKASAN: maybe wild-memory-access in range\n[0xdead000000000120-0xdead000000000127]\nCPU: 0 PID: 3807 Comm: modprobe Not tainted\n6.1.0-rc1-00186-g76f33a7eedb4 #299\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\nrel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014\nRIP: 0010:unregister_trace_event+0x6e/0x280\nCode: 00 fc ff df 4c 89 ea 48 c1 ea 03 80 3c 02 00 0f 85 0e 02 00 00 48\nb8 00 00 00 00 00 fc ff df 4c 8b 63 08 4c 89 e2 48 c1 ea 03 \u003c80\u003e 3c 02\n00 0f 85 e2 01 00 00 49 89 2c 24 48 85 ed 74 28 e8 7a 9b\nRSP: 0018:ffff88810413f370 EFLAGS: 00010a06\nRAX: dffffc0000000000 RBX: ffff888105d050b0 RCX: 0000000000000000\nRDX: 1bd5a00000000024 RSI: ffff888119e276e0 RDI: ffffffff835a8b20\nRBP: dead000000000100 R08: 0000000000000000 R09: fffffbfff0913481\nR10: ffffffff8489a407 R11: fffffbfff0913480 R12: dead000000000122\nR13: ffff888105d050b8 R14: 0000000000000000 R15: ffff888105d05028\nFS: 00007f7823e8d540(0000) GS:ffff888119e00000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f7823e7ebec CR3: 000000010a058002 CR4: 0000000000330ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n __create_synth_event+0x1e37/0x1eb0\n create_or_delete_synth_event+0x110/0x250\n 
synth_event_run_command+0x2f/0x110\n test_gen_synth_cmd+0x170/0x2eb [synth_event_gen_test]\n synth_event_gen_test_init+0x76/0x9bc [synth_event_gen_test]\n do_one_initcall+0xdb/0x480\n do_init_module+0x1cf/0x680\n load_module+0x6a50/0x70a0\n __do_sys_finit_module+0x12f/0x1c0\n do_syscall_64+0x3f/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd" } ], "providerMetadata": { "dateUpdated": "2025-05-01T14:09:28.377Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/315b149f08229a233d47532eb5da1707b28f764c" }, { "url": "https://git.kernel.org/stable/c/6517b97134f724d12f673f9fb4f456d75c7a905f" }, { "url": "https://git.kernel.org/stable/c/a5bfa53e5036b3e7a80be902dd3719a930accabd" }, { "url": "https://git.kernel.org/stable/c/1b5f1c34d3f5a664a57a5a7557a50e4e3cc2505c" } ], "title": "tracing: Fix wild-memory-access in register_synth_event()", "x_generator": { "engine": "bippy-1.1.0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2022-49799", "datePublished": "2025-05-01T14:09:28.377Z", "dateReserved": "2025-05-01T14:05:17.225Z", "dateUpdated": "2025-05-01T14:09:28.377Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2022-49799\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-05-01T15:16:03.200\",\"lastModified\":\"2025-05-01T15:16:03.200\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ntracing: Fix wild-memory-access in register_synth_event()\\n\\nIn register_synth_event(), if set_synth_event_print_fmt() failed, then\\nboth trace_remove_event_call() and unregister_trace_event() will be\\ncalled, which means the trace_event_call will call\\n__unregister_trace_event() twice. 
As the result, the second unregister\\nwill causes the wild-memory-access.\\n\\nregister_synth_event\\n set_synth_event_print_fmt failed\\n trace_remove_event_call\\n event_remove\\n if call-\u003eevent.funcs then\\n __unregister_trace_event (first call)\\n unregister_trace_event\\n __unregister_trace_event (second call)\\n\\nFix the bug by avoiding to call the second __unregister_trace_event() by\\nchecking if the first one is called.\\n\\ngeneral protection fault, probably for non-canonical address\\n\\t0xfbd59c0000000024: 0000 [#1] SMP KASAN PTI\\nKASAN: maybe wild-memory-access in range\\n[0xdead000000000120-0xdead000000000127]\\nCPU: 0 PID: 3807 Comm: modprobe Not tainted\\n6.1.0-rc1-00186-g76f33a7eedb4 #299\\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\\nrel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014\\nRIP: 0010:unregister_trace_event+0x6e/0x280\\nCode: 00 fc ff df 4c 89 ea 48 c1 ea 03 80 3c 02 00 0f 85 0e 02 00 00 48\\nb8 00 00 00 00 00 fc ff df 4c 8b 63 08 4c 89 e2 48 c1 ea 03 \u003c80\u003e 3c 02\\n00 0f 85 e2 01 00 00 49 89 2c 24 48 85 ed 74 28 e8 7a 9b\\nRSP: 0018:ffff88810413f370 EFLAGS: 00010a06\\nRAX: dffffc0000000000 RBX: ffff888105d050b0 RCX: 0000000000000000\\nRDX: 1bd5a00000000024 RSI: ffff888119e276e0 RDI: ffffffff835a8b20\\nRBP: dead000000000100 R08: 0000000000000000 R09: fffffbfff0913481\\nR10: ffffffff8489a407 R11: fffffbfff0913480 R12: dead000000000122\\nR13: ffff888105d050b8 R14: 0000000000000000 R15: ffff888105d05028\\nFS: 00007f7823e8d540(0000) GS:ffff888119e00000(0000)\\nknlGS:0000000000000000\\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\\nCR2: 00007f7823e7ebec CR3: 000000010a058002 CR4: 0000000000330ef0\\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\\nCall Trace:\\n \u003cTASK\u003e\\n __create_synth_event+0x1e37/0x1eb0\\n create_or_delete_synth_event+0x110/0x250\\n synth_event_run_command+0x2f/0x110\\n 
test_gen_synth_cmd+0x170/0x2eb [synth_event_gen_test]\\n synth_event_gen_test_init+0x76/0x9bc [synth_event_gen_test]\\n do_one_initcall+0xdb/0x480\\n do_init_module+0x1cf/0x680\\n load_module+0x6a50/0x70a0\\n __do_sys_finit_module+0x12f/0x1c0\\n do_syscall_64+0x3f/0x90\\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/1b5f1c34d3f5a664a57a5a7557a50e4e3cc2505c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/315b149f08229a233d47532eb5da1707b28f764c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/6517b97134f724d12f673f9fb4f456d75c7a905f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a5bfa53e5036b3e7a80be902dd3719a930accabd\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}" } }