Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix crash due to out of bounds access into reg2btf_ids. When commit e6ac2450d6de ("bpf: Support bpf program calling kernel function") added kfunc support, it defined reg2btf_ids as a cheap way to translate the verifier reg type to the appropriate btf_vmlinux BTF ID, however commit c25b2ae13603 ("bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL") moved the __BPF_REG_TYPE_MAX from the last member of bpf_reg_type enum to after the base register types, and defined other variants using type flag composition. However, now, the direct usage of reg->type to index into reg2btf_ids may no longer fall into __BPF_REG_TYPE_MAX range, and hence lead to out of bounds access and kernel crash on dereference of bad pointer.

INFO

Published Date :

2024-08-22T03:31:22.329Z

Last Modified :

2025-05-04T08:26:17.781Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2022-48929 vulnerability.

Vendors Products
Linux
  • Linux Kernel
Redhat
  • Enterprise Linux
  • Rhel Eus
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2022-48929.

URL Resource
https://git.kernel.org/stable/c/45ce4b4f9009102cd9f581196d480a59208690c1 cve-icon cve-icon
https://git.kernel.org/stable/c/8c39925e98d498b9531343066ef82ae39e41adae cve-icon cve-icon
https://git.kernel.org/stable/c/f0ce1bc9e0235dd7412240be493d7ea65ed9eadc cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2024082222-CVE-2022-48929-857d@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2022-48929 cve-icon
https://www.cve.org/CVERecord?id=CVE-2022-48929 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact