CVE-2022-48770

Summary

In the Linux kernel, the following vulnerability has been resolved:

bpf: Guard against accessing NULL pt_regs in bpf_get_task_stack()

task_pt_regs() can return NULL on powerpc for kernel threads. This is then used in __bpf_get_stack() to check for user mode, resulting in a kernel oops. Guard against this by checking return value of task_pt_regs() before trying to obtain the call chain.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxfa28dcb82a38f8e3993b0fae9106b1a80b59e4f0 < ff6bdc205fd0a83bd365405d4e31fb5905826996affected
LinuxLinuxfa28dcb82a38f8e3993b0fae9106b1a80b59e4f0 < 0bcd484587b3b3092e448d27dc369e347e1810c3affected
LinuxLinuxfa28dcb82a38f8e3993b0fae9106b1a80b59e4f0 < b82ef4985a6d05e80f604624332430351df7b79aaffected
LinuxLinuxfa28dcb82a38f8e3993b0fae9106b1a80b59e4f0 < b992f01e66150fc5e90be4a96f5eb8e634c8249eaffected
LinuxLinux5.9affected
LinuxLinux0 < 5.9unaffected
LinuxLinux5.10.96 <= 5.10.*unaffected
LinuxLinux5.15.19 <= 5.15.*unaffected
LinuxLinux5.16.5 <= 5.16.*unaffected
LinuxLinux5.17 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References