CVE-2022-48929

Published: Aug 22, 2024

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix crash due to out of bounds access into reg2btf_ids. When commit e6ac2450d6de ("bpf: Support bpf program calling kernel function") added kfunc support, it defined reg2btf_ids as a cheap way to translate the verifier reg type to the appropriate btf_vmlinux BTF ID, however commit c25b2ae13603 ("bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL") moved the __BPF_REG_TYPE_MAX from the last member of bpf_reg_type enum to after the base register types, and defined other variants using type flag composition. However, now, the direct usage of reg->type to index into reg2btf_ids may no longer fall into __BPF_REG_TYPE_MAX range, and hence lead to out of bounds access and kernel crash on dereference of bad pointer.
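The indexing problem described above, as an added example in user-space C (not kernel code and not the upstream patch). It is a simplified model: the enum members, the flag bit position, and the table values are constructed, and the hardened lookup that masks off flag bits before indexing is an assumption, since this page does not describe the patch itself.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model; names echo the description, values are constructed. */
#define BASE_TYPE_BITS 8
#define BASE_TYPE_MASK ((1u << BASE_TYPE_BITS) - 1)
#define PTR_MAYBE_NULL (1u << BASE_TYPE_BITS)  /* flag composed above the base type */

enum reg_type {
    NOT_INIT = 0,
    PTR_TO_SOCKET,
    PTR_TO_SOCK_COMMON,
    PTR_TO_TCP_SOCK,
    REG_TYPE_MAX,  /* ends the base types only, not the whole value space */
};

/* Table sized by the base-type count, like reg2btf_ids in the description. */
static const uint32_t reg2btf_ids_model[REG_TYPE_MAX] = {
    [PTR_TO_SOCKET]      = 101,  /* constructed BTF IDs */
    [PTR_TO_SOCK_COMMON] = 102,
    [PTR_TO_TCP_SOCK]    = 103,
};

/* Pre-fix pattern check: would the raw type be a valid index? 1 = yes, 0 = out of bounds. */
int raw_index_in_bounds(uint32_t type)
{
    return type < (uint32_t)REG_TYPE_MAX;
}

/* Hardened lookup: strip flags, bounds-check, then index. 0 on success, -1 if no mapping. */
int lookup_btf_id(uint32_t type, uint32_t *btf_id)
{
    uint32_t base = type & BASE_TYPE_MASK;
    if (base >= (uint32_t)REG_TYPE_MAX || reg2btf_ids_model[base] == 0)
        return -1;
    *btf_id = reg2btf_ids_model[base];
    return 0;
}

int main(void)
{
    uint32_t t = PTR_TO_SOCKET | PTR_MAYBE_NULL, id = 0;
    printf("raw index %u, table size %u, in bounds: %d\n",
           t, (unsigned)REG_TYPE_MAX, raw_index_in_bounds(t));
    if (lookup_btf_id(t, &id) == 0)
        printf("masked lookup -> BTF ID %u\n", id);
    return 0;
}
```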

Vendor / Product / Versions

Linux / Linux
affected: 8d38cde47a7e17b646401fa92d916503caa5375e - < 8c39925e98d498b9531343066ef82ae39e41adae
affected: 77459bc4d5e2c6f24db845780b4d9d60cf82d06a - < f0ce1bc9e0235dd7412240be493d7ea65ed9eadc
affected: c25b2ae136039ffa820c26138ed4a5e5f3ab3841 - < 45ce4b4f9009102cd9f581196d480a59208690c1

Linux / Linux
affected: 5.16.11 - < 5.16.12
