CVE-2022-49873

{"id": "CVE-2022-49873", "cveTags": [], "metrics": {}, "published": "2025-05-01T15:16:12.240", "references": [{"url": "https://git.kernel.org/stable/c/466ce46f251dfb259a8cbaa895ab9edd6fb56240", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/ae5ccad6c711db0f2ca1231be051935dd128b8f5", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/cedd4f01f67be94735f15123158f485028571037", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/f1db20814af532f85e091231223e5e4818e8464b", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Received", "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix wrong reg type conversion in release_reference()\n\nSome helper functions will allocate memory. To avoid memory leaks, the\nverifier requires the eBPF program to release these memories by calling\nthe corresponding helper functions.\n\nWhen a resource is released, all pointer registers corresponding to the\nresource should be invalidated. The verifier use release_references() to\ndo this job, by apply __mark_reg_unknown() to each relevant register.\n\nIt will give these registers the type of SCALAR_VALUE. A register that\nwill contain a pointer value at runtime, but of type SCALAR_VALUE, which\nmay allow the unprivileged user to get a kernel pointer by storing this\nregister into a map.\n\nUsing __mark_reg_not_init() while NOT allow_ptr_leaks can mitigate this\nproblem."}], "lastModified": "2025-05-01T15:16:12.240", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}