cve-2022-49878
Vulnerability from cvelistv5
Published
2025-05-01 14:10
Modified
2025-05-04 08:47
Severity ?
Summary
bpf, verifier: Fix memory leak in array reallocation for stack state
Impacted products
Vendor: Linux — Product: Linux
Vendor: Linux — Product: Linux


{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/bpf/verifier.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "06615967d4889b08b19ff3dda96e8b131282f73d",
              "status": "affected",
              "version": "c69431aab67a912836e5831f03d99a819c14c9c3",
              "versionType": "git"
            },
            {
              "lessThan": "3e210891c4a4c2d858cd6f9f61d5809af251d4df",
              "status": "affected",
              "version": "c69431aab67a912836e5831f03d99a819c14c9c3",
              "versionType": "git"
            },
            {
              "lessThan": "42378a9ca55347102bbf86708776061d8fe3ece2",
              "status": "affected",
              "version": "c69431aab67a912836e5831f03d99a819c14c9c3",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/bpf/verifier.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.14"
            },
            {
              "lessThan": "5.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.79",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.*",
              "status": "unaffected",
              "version": "6.0.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.79",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.9",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, verifier: Fix memory leak in array reallocation for stack state\n\nIf an error (NULL) is returned by krealloc(), callers of realloc_array()\nwere setting their allocation pointers to NULL, but on error krealloc()\ndoes not touch the original allocation. This would result in a memory\nresource leak. Instead, free the old allocation on the error handling\npath.\n\nThe memory leak information is as follows as also reported by Zhengchao:\n\n  unreferenced object 0xffff888019801800 (size 256):\n  comm \"bpf_repo\", pid 6490, jiffies 4294959200 (age 17.170s)\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n  backtrace:\n    [\u003c00000000b211474b\u003e] __kmalloc_node_track_caller+0x45/0xc0\n    [\u003c0000000086712a0b\u003e] krealloc+0x83/0xd0\n    [\u003c00000000139aab02\u003e] realloc_array+0x82/0xe2\n    [\u003c00000000b1ca41d1\u003e] grow_stack_state+0xfb/0x186\n    [\u003c00000000cd6f36d2\u003e] check_mem_access.cold+0x141/0x1341\n    [\u003c0000000081780455\u003e] do_check_common+0x5358/0xb350\n    [\u003c0000000015f6b091\u003e] bpf_check.cold+0xc3/0x29d\n    [\u003c000000002973c690\u003e] bpf_prog_load+0x13db/0x2240\n    [\u003c00000000028d1644\u003e] __sys_bpf+0x1605/0x4ce0\n    [\u003c00000000053f29bd\u003e] __x64_sys_bpf+0x75/0xb0\n    [\u003c0000000056fedaf5\u003e] do_syscall_64+0x35/0x80\n    [\u003c000000002bd58261\u003e] entry_SYSCALL_64_after_hwframe+0x63/0xcd"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:47:37.797Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/06615967d4889b08b19ff3dda96e8b131282f73d"
        },
        {
          "url": "https://git.kernel.org/stable/c/3e210891c4a4c2d858cd6f9f61d5809af251d4df"
        },
        {
          "url": "https://git.kernel.org/stable/c/42378a9ca55347102bbf86708776061d8fe3ece2"
        }
      ],
      "title": "bpf, verifier: Fix memory leak in array reallocation for stack state",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-49878",
    "datePublished": "2025-05-01T14:10:26.389Z",
    "dateReserved": "2025-05-01T14:05:17.239Z",
    "dateUpdated": "2025-05-04T08:47:37.797Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-49878\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-05-01T15:16:12.753\",\"lastModified\":\"2025-05-07T13:21:23.850\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nbpf, verifier: Fix memory leak in array reallocation for stack state\\n\\nIf an error (NULL) is returned by krealloc(), callers of realloc_array()\\nwere setting their allocation pointers to NULL, but on error krealloc()\\ndoes not touch the original allocation. This would result in a memory\\nresource leak. Instead, free the old allocation on the error handling\\npath.\\n\\nThe memory leak information is as follows as also reported by Zhengchao:\\n\\n  unreferenced object 0xffff888019801800 (size 256):\\n  comm \\\"bpf_repo\\\", pid 6490, jiffies 4294959200 (age 17.170s)\\n  hex dump (first 32 bytes):\\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\\n  backtrace:\\n    [\u003c00000000b211474b\u003e] __kmalloc_node_track_caller+0x45/0xc0\\n    [\u003c0000000086712a0b\u003e] krealloc+0x83/0xd0\\n    [\u003c00000000139aab02\u003e] realloc_array+0x82/0xe2\\n    [\u003c00000000b1ca41d1\u003e] grow_stack_state+0xfb/0x186\\n    [\u003c00000000cd6f36d2\u003e] check_mem_access.cold+0x141/0x1341\\n    [\u003c0000000081780455\u003e] do_check_common+0x5358/0xb350\\n    [\u003c0000000015f6b091\u003e] bpf_check.cold+0xc3/0x29d\\n    [\u003c000000002973c690\u003e] bpf_prog_load+0x13db/0x2240\\n    [\u003c00000000028d1644\u003e] __sys_bpf+0x1605/0x4ce0\\n    [\u003c00000000053f29bd\u003e] __x64_sys_bpf+0x75/0xb0\\n    [\u003c0000000056fedaf5\u003e] do_syscall_64+0x35/0x80\\n    [\u003c000000002bd58261\u003e] entry_SYSCALL_64_after_hwframe+0x63/0xcd\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente 
vulnerabilidad: bpf, verificador: Se corrige una fuga de memoria en la reasignaci\u00f3n de matriz para el estado de la pila. Si krealloc() devuelve un error (NULL), los usuarios de realloc_array() establec\u00edan sus punteros de asignaci\u00f3n en NULL, pero en caso de error, krealloc() no modifica la asignaci\u00f3n original. Esto provocar\u00eda una fuga de recursos de memoria. En su lugar, se libera la asignaci\u00f3n anterior en la ruta de gesti\u00f3n de errores. La informaci\u00f3n de fuga de memoria es la siguiente, tal como lo inform\u00f3 Zhengchao: objeto sin referencia 0xffff888019801800 (tama\u00f1o 256): comm \\\"bpf_repo\\\", pid 6490, jiffies 4294959200 (edad 17.170s) volcado hexadecimal (primeros 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [\u0026lt;00000000b211474b\u0026gt;] __kmalloc_node_track_caller+0x45/0xc0 [\u0026lt;0000000086712a0b\u0026gt;] krealloc+0x83/0xd0 [\u0026lt;00000000139aab02\u0026gt;] realloc_array+0x82/0xe2 [\u0026lt;00000000b1ca41d1\u0026gt;] grow_stack_state+0xfb/0x186 [\u0026lt;00000000cd6f36d2\u0026gt;] check_mem_access.cold+0x141/0x1341 [\u0026lt;0000000081780455\u0026gt;] do_check_common+0x5358/0xb350 [\u0026lt;0000000015f6b091\u0026gt;] bpf_check.cold+0xc3/0x29d [\u0026lt;000000002973c690\u0026gt;] bpf_prog_load+0x13db/0x2240 [\u0026lt;00000000028d1644\u0026gt;] __sys_bpf+0x1605/0x4ce0 [\u0026lt;00000000053f29bd\u0026gt;] __x64_sys_bpf+0x75/0xb0 [\u0026lt;0000000056fedaf5\u0026gt;] do_syscall_64+0x35/0x80 [\u0026lt;000000002bd58261\u0026gt;] entry_SYSCALL_64_after_hwframe+0x63/0xcd 
\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-401\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.14\",\"versionEndExcluding\":\"5.15.79\",\"matchCriteriaId\":\"FB443DA9-A9E7-45CA-AAF4-AF14F567FE9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.0.9\",\"matchCriteriaId\":\"C3F26709-7D49-4AF0-8145-46CCF4E8E2AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7E331DA-1FB0-4DEC-91AC-7DA69D461C11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"17F0B248-42CF-4AE6-A469-BB1BAE7F4705\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2422816-0C14-4B5E-A1E6-A9D776E5C49B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C6E00FE-5FB9-4D20-A1A1-5A32128F9B76\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/06615967d4889b08b19ff3dda96e8b131282f73d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/3e210891c4a4c2d858c
d6f9f61d5809af251d4df\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/42378a9ca55347102bbf86708776061d8fe3ece2\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}






  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.