Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix wrong reg type conversion in release_reference() Some helper functions will allocate memory. To avoid memory leaks, the verifier requires the eBPF program to release these memories by calling the corresponding helper functions. When a resource is released, all pointer registers corresponding to the resource should be invalidated. The verifier use release_references() to do this job, by apply __mark_reg_unknown() to each relevant register. It will give these registers the type of SCALAR_VALUE. A register that will contain a pointer value at runtime, but of type SCALAR_VALUE, which may allow the unprivileged user to get a kernel pointer by storing this register into a map. Using __mark_reg_not_init() while NOT allow_ptr_leaks can mitigate this problem.

INFO

Published Date :

2025-05-01T14:10:23.128Z

Last Modified :

2025-10-01T16:03:45.940Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2022-49873 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2022-49873.

URL Resource
https://git.kernel.org/stable/c/466ce46f251dfb259a8cbaa895ab9edd6fb56240 cve-icon cve-icon
https://git.kernel.org/stable/c/ae5ccad6c711db0f2ca1231be051935dd128b8f5 cve-icon cve-icon
https://git.kernel.org/stable/c/cedd4f01f67be94735f15123158f485028571037 cve-icon cve-icon
https://git.kernel.org/stable/c/f1db20814af532f85e091231223e5e4818e8464b cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025050151-CVE-2022-49873-2733@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2022-49873 cve-icon
https://www.cve.org/CVERecord?id=CVE-2022-49873 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact