CVE-2022-49878

In the Linux kernel, the following vulnerability has been resolved:

bpf, verifier: Fix memory leak in array reallocation for stack state

If an error (NULL) is returned by krealloc(), callers of realloc_array() were setting their allocation pointers to NULL, but on error krealloc() does not touch the original allocation. This would result in a memory resource leak. Instead, free the old allocation on the error handling path.

The memory leak information is as follows as also reported by Zhengchao:

  unreferenced object 0xffff888019801800 (size 256):
    comm "bpf_repo", pid 6490, jiffies 4294959200 (age 17.170s)
    hex dump (first 32 bytes):
      00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
      00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    backtrace:
      [<00000000b211474b>] __kmalloc_node_track_caller+0x45/0xc0
      [<0000000086712a0b>] krealloc+0x83/0xd0
      [<00000000139aab02>] realloc_array+0x82/0xe2
      [<00000000b1ca41d1>] grow_stack_state+0xfb/0x186
      [<00000000cd6f36d2>] check_mem_access.cold+0x141/0x1341
      [<0000000081780455>] do_check_common+0x5358/0xb350
      [<0000000015f6b091>] bpf_check.cold+0xc3/0x29d
      [<000000002973c690>] bpf_prog_load+0x13db/0x2240
      [<00000000028d1644>] __sys_bpf+0x1605/0x4ce0
      [<00000000053f29bd>] __x64_sys_bpf+0x75/0xb0
      [<0000000056fedaf5>] do_syscall_64+0x35/0x80
      [<000000002bd58261>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
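The krealloc() contract the description relies on (NULL on failure, original block left intact) and the leak that follows when a caller overwrites its only pointer with the result, shown as an added user-space C example. This is illustrative code written for this page, not the kernel's realloc_array(), grow_stack_state() or the patch itself; fake_kzalloc, fake_kfree, fake_krealloc, live_allocs and fail_next_realloc are stand-ins assumed for the example, with live_allocs taking the role kmemleak plays in the report above.

```c
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* User-space stand-ins for the kernel allocator (not kernel code). fake_krealloc()
 * keeps krealloc()'s contract: NULL on failure, original block untouched.
 * live_allocs plays kmemleak's role; fail_next_realloc is a hypothetical
 * fault-injection switch for the example only. */
static int live_allocs = 0;
static int fail_next_realloc = 0;

static void *fake_kzalloc(size_t n)
{
    void *p = calloc(1, n);
    if (p)
        live_allocs++;
    return p;
}

static void fake_kfree(void *p)
{
    if (p) {
        free(p);
        live_allocs--;
    }
}

static void *fake_krealloc(void *p, size_t n)
{
    void *q;
    if (fail_next_realloc) {
        fail_next_realloc = 0;
        return NULL;
    }
    q = realloc(p, n);
    if (q && !p)
        live_allocs++;  /* realloc(NULL, n) hands out a fresh buffer */
    return q;
}

/* Before the fix: the only reference to the old array is overwritten with
 * krealloc()'s result, so a NULL return leaves the old block unreachable. */
static void *realloc_array_leaky(void *arr, size_t old_n, size_t new_n, size_t size)
{
    arr = fake_krealloc(arr, new_n * size);
    if (!arr)
        return NULL;  /* old allocation orphaned here */
    if (new_n > old_n)
        memset((char *)arr + old_n * size, 0, (new_n - old_n) * size);
    return arr;
}

/* After the fix: keep the old pointer and free it on the error path, the
 * change the description above says was made. */
static void *realloc_array_fixed(void *arr, size_t old_n, size_t new_n, size_t size)
{
    void *new_arr = fake_krealloc(arr, new_n * size);
    if (!new_arr) {
        fake_kfree(arr);
        return NULL;
    }
    if (new_n > old_n)
        memset((char *)new_arr + old_n * size, 0, (new_n - old_n) * size);
    return new_arr;
}

struct stack_slot { long spilled; unsigned char type; };

/* Models a caller like grow_stack_state(): grow a 4-slot array to 8 while
 * krealloc() is forced to fail, store the result the way the caller does,
 * and report how many buffers are still live (1 = leaked, 0 = released). */
static int grow_with_failure(int use_fixed)
{
    struct stack_slot *stack, *old;
    int still_live;
    live_allocs = 0;
    stack = fake_kzalloc(4 * sizeof(*stack));
    if (!stack)
        return -1;
    old = stack;
    fail_next_realloc = 1;
    stack = use_fixed ? realloc_array_fixed(stack, 4, 8, sizeof(*stack))
                      : realloc_array_leaky(stack, 4, 8, sizeof(*stack));
    still_live = live_allocs;
    /* Reclaim the orphan in the leaky case so the demo itself stays clean;
     * the fixed variant already released it on the error path. */
    if (!stack && !use_fixed)
        fake_kfree(old);
    fake_kfree(stack);
    return still_live;
}

int main(void)
{
    printf("before fix: %d buffer(s) live after failed grow\n", grow_with_failure(0));
    printf("after fix:  %d buffer(s) live after failed grow\n", grow_with_failure(1));
    return 0;
}
```

The point the example makes is the one in the kmemleak trace: a failed krealloc() is not a no-op for the caller, and any pattern of the form `p = krealloc(p, n)` that then treats NULL as "nothing allocated" loses the original block. Keeping the old pointer in a separate variable until the new one is known to be valid is the general defence.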
Configurations

Configuration 1

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*

History

07 May 2025, 13:21

Type Values Removed Values Added

CWE
  Added:   CWE-401

First Time
  Added:   Linux linux Kernel
           Linux

References
  Removed: https://git.kernel.org/stable/c/06615967d4889b08b19ff3dda96e8b131282f73d
  Added:   https://git.kernel.org/stable/c/06615967d4889b08b19ff3dda96e8b131282f73d - Patch
  Removed: https://git.kernel.org/stable/c/3e210891c4a4c2d858cd6f9f61d5809af251d4df
  Added:   https://git.kernel.org/stable/c/3e210891c4a4c2d858cd6f9f61d5809af251d4df - Patch
  Removed: https://git.kernel.org/stable/c/42378a9ca55347102bbf86708776061d8fe3ece2
  Added:   https://git.kernel.org/stable/c/42378a9ca55347102bbf86708776061d8fe3ece2 - Patch

CVSS
  Removed: v2 : unknown
           v3 : unknown
  Added:   v2 : unknown
           v3 : 5.5

CPE
  Added:   cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*
           cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*
           cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*
           cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
           cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*

02 May 2025, 13:52

Type Values Removed Values Added
Summary
  • (es) In the Linux kernel, the following vulnerability has been resolved: bpf, verifier: Fix memory leak in array reallocation for stack state. If krealloc() returns an error (NULL), users of realloc_array() set their allocation pointers to NULL, but on error krealloc() does not modify the original allocation. This would cause a memory resource leak. Instead, the previous allocation is freed on the error handling path. The memory leak information is as follows, as reported by Zhengchao:
      unreferenced object 0xffff888019801800 (size 256):
        comm "bpf_repo", pid 6490, jiffies 4294959200 (age 17.170s)
        hex dump (first 32 bytes):
          00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
          00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
        backtrace:
          [<00000000b211474b>] __kmalloc_node_track_caller+0x45/0xc0
          [<0000000086712a0b>] krealloc+0x83/0xd0
          [<00000000139aab02>] realloc_array+0x82/0xe2
          [<00000000b1ca41d1>] grow_stack_state+0xfb/0x186
          [<00000000cd6f36d2>] check_mem_access.cold+0x141/0x1341
          [<0000000081780455>] do_check_common+0x5358/0xb350
          [<0000000015f6b091>] bpf_check.cold+0xc3/0x29d
          [<000000002973c690>] bpf_prog_load+0x13db/0x2240
          [<00000000028d1644>] __sys_bpf+0x1605/0x4ce0
          [<00000000053f29bd>] __x64_sys_bpf+0x75/0xb0
          [<0000000056fedaf5>] do_syscall_64+0x35/0x80
          [<000000002bd58261>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

01 May 2025, 15:16

Type Values Removed Values Added
New CVE

Information

Published : 2025-05-01 15:16

Updated : 2025-05-07 13:21


NVD link : CVE-2022-49878

Mitre link : CVE-2022-49878

CVE.ORG link : CVE-2022-49878



Products Affected

linux

  • linux_kernel

CWE

CWE-401: Missing Release of Memory after Effective Lifetime