CVE-2022-49030

Summary

In the Linux kernel, the following vulnerability has been resolved:

libbpf: Handle size overflow for ringbuf mmap

The maximum size of ringbuf is 2GB on x86-64 host, so 2 * max_entries will overflow u32 when mapping producer page and data pages. Only casting max_entries to size_t is not enough, because for 32-bits application on 64-bits kernel the size of read-only mmap region also could overflow size_t.

So fixing it by casting the size of read-only mmap region into a __u64 and checking whether or not there will be overflow during mmap.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxbf99c936f9478a05d51e9f101f90de70bee9a89c < 8a549ab6724520aa3c07f47e0eba820293551490affected
LinuxLinuxbf99c936f9478a05d51e9f101f90de70bee9a89c < 0140e079a42064680394fff1199a7b5483688decaffected
LinuxLinuxbf99c936f9478a05d51e9f101f90de70bee9a89c < 535a25ab4f9a45f74ba38ab71de95e97474922edaffected
LinuxLinuxbf99c936f9478a05d51e9f101f90de70bee9a89c < 927cbb478adf917e0a142b94baa37f06279cc466affected
LinuxLinux5.8affected
LinuxLinux0 < 5.8unaffected
LinuxLinux5.10.158 <= 5.10.*unaffected
LinuxLinux5.15.82 <= 5.15.*unaffected
LinuxLinux6.0.12 <= 6.0.*unaffected
LinuxLinux6.1 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References