cve-2022-49875
Vulnerability from cvelistv5
Published
2025-05-01 14:10
Modified
2025-05-01 14:10
Severity ?
EPSS score ?
Summary
bpftool: Fix NULL pointer dereference when pin {PROG, MAP, LINK} without FILE
References
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"tools/bpf/bpftool/common.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8c80b2fca4112d724dde477aed13f7b0510a2792",
"status": "affected",
"version": "75a1e792c335b5c6d7fdb1014da47aeb64c5944f",
"versionType": "git"
},
{
"lessThan": "6dcdd1b68b7f9333d48d48fc77b75e7f235f6a4a",
"status": "affected",
"version": "75a1e792c335b5c6d7fdb1014da47aeb64c5944f",
"versionType": "git"
},
{
"lessThan": "da5161ba94c5e9182c301dd4f09c94f715c068bd",
"status": "affected",
"version": "75a1e792c335b5c6d7fdb1014da47aeb64c5944f",
"versionType": "git"
},
{
"lessThan": "34de8e6e0e1f66e431abf4123934a2581cb5f133",
"status": "affected",
"version": "75a1e792c335b5c6d7fdb1014da47aeb64c5944f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"tools/bpf/bpftool/common.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.155",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpftool: Fix NULL pointer dereference when pin {PROG, MAP, LINK} without FILE\n\nWhen using bpftool to pin {PROG, MAP, LINK} without FILE,\nsegmentation fault will occur. The reson is that the lack\nof FILE will cause strlen to trigger NULL pointer dereference.\nThe corresponding stacktrace is shown below:\n\ndo_pin\n do_pin_any\n do_pin_fd\n mount_bpffs_for_pin\n strlen(name) \u003c- NULL pointer dereference\n\nFix it by adding validation to the common process."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T14:10:24.427Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8c80b2fca4112d724dde477aed13f7b0510a2792"
},
{
"url": "https://git.kernel.org/stable/c/6dcdd1b68b7f9333d48d48fc77b75e7f235f6a4a"
},
{
"url": "https://git.kernel.org/stable/c/da5161ba94c5e9182c301dd4f09c94f715c068bd"
},
{
"url": "https://git.kernel.org/stable/c/34de8e6e0e1f66e431abf4123934a2581cb5f133"
}
],
"title": "bpftool: Fix NULL pointer dereference when pin {PROG, MAP, LINK} without FILE",
"x_generator": {
"engine": "bippy-1.1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49875",
"datePublished": "2025-05-01T14:10:24.427Z",
"dateReserved": "2025-05-01T14:05:17.238Z",
"dateUpdated": "2025-05-01T14:10:24.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2022-49875\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-05-01T15:16:12.450\",\"lastModified\":\"2025-05-01T15:16:12.450\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nbpftool: Fix NULL pointer dereference when pin {PROG, MAP, LINK} without FILE\\n\\nWhen using bpftool to pin {PROG, MAP, LINK} without FILE,\\nsegmentation fault will occur. The reson is that the lack\\nof FILE will cause strlen to trigger NULL pointer dereference.\\nThe corresponding stacktrace is shown below:\\n\\ndo_pin\\n do_pin_any\\n do_pin_fd\\n mount_bpffs_for_pin\\n strlen(name) \u003c- NULL pointer dereference\\n\\nFix it by adding validation to the common process.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/34de8e6e0e1f66e431abf4123934a2581cb5f133\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/6dcdd1b68b7f9333d48d48fc77b75e7f235f6a4a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/8c80b2fca4112d724dde477aed13f7b0510a2792\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/da5161ba94c5e9182c301dd4f09c94f715c068bd\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.