CVE-2022-49799
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-49799
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49799.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-49799
- Downstream
- Related
- Published
- 2025-05-01T14:09:28.377Z
- Modified
- 2025-11-28T02:34:41.685353Z
- Summary
- tracing: Fix wild-memory-access in register_synth_event()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
tracing: Fix wild-memory-access in registersynthevent()
In registersynthevent(), if setsyntheventprintfmt() failed, then both traceremoveeventcall() and unregistertraceevent() will be called, which means the traceeventcall will call _unregistertraceevent() twice. As the result, the second unregister will causes the wild-memory-access.
registersynthevent setsyntheventprintfmt failed traceremoveeventcall eventremove if call->event.funcs then _unregistertraceevent (first call) unregistertraceevent _unregistertraceevent (second call)
Fix the bug by avoiding to call the second _unregistertrace_event() by checking if the first one is called.
general protection fault, probably for non-canonical address 0xfbd59c0000000024: 0000 [#1] SMP KASAN PTI KASAN: maybe wild-memory-access in range [0xdead000000000120-0xdead000000000127] CPU: 0 PID: 3807 Comm: modprobe Not tainted 6.1.0-rc1-00186-g76f33a7eedb4 #299 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014 RIP: 0010:unregistertraceevent+0x6e/0x280 Code: 00 fc ff df 4c 89 ea 48 c1 ea 03 80 3c 02 00 0f 85 0e 02 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 63 08 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 0f 85 e2 01 00 00 49 89 2c 24 48 85 ed 74 28 e8 7a 9b RSP: 0018:ffff88810413f370 EFLAGS: 00010a06 RAX: dffffc0000000000 RBX: ffff888105d050b0 RCX: 0000000000000000 RDX: 1bd5a00000000024 RSI: ffff888119e276e0 RDI: ffffffff835a8b20 RBP: dead000000000100 R08: 0000000000000000 R09: fffffbfff0913481 R10: ffffffff8489a407 R11: fffffbfff0913480 R12: dead000000000122 R13: ffff888105d050b8 R14: 0000000000000000 R15: ffff888105d05028 FS: 00007f7823e8d540(0000) GS:ffff888119e00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f7823e7ebec CR3: 000000010a058002 CR4: 0000000000330ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> _createsynthevent+0x1e37/0x1eb0 createordeletesynthevent+0x110/0x250 syntheventruncommand+0x2f/0x110 testgensynthcmd+0x170/0x2eb [syntheventgentest] syntheventgentestinit+0x76/0x9bc [syntheventgentest] dooneinitcall+0xdb/0x480 doinitmodule+0x1cf/0x680 loadmodule+0x6a50/0x70a0 _dosysfinitmodule+0x12f/0x1c0 dosyscall64+0x3f/0x90 entrySYSCALL64afterhwframe+0x63/0xcd
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49799.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/1b5f1c34d3f5a664a57a5a7557a50e4e3cc2505c
- https://git.kernel.org/stable/c/315b149f08229a233d47532eb5da1707b28f764c
- https://git.kernel.org/stable/c/6517b97134f724d12f673f9fb4f456d75c7a905f
- https://git.kernel.org/stable/c/a5bfa53e5036b3e7a80be902dd3719a930accabd
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49799.json
- https://nvd.nist.gov/vuln/detail/CVE-2022-49799
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced4b147936fa509650beaf638b331573c23ba4d609Fixed315b149f08229a233d47532eb5da1707b28f764cFixed6517b97134f724d12f673f9fb4f456d75c7a905fFixeda5bfa53e5036b3e7a80be902dd3719a930accabdFixed1b5f1c34d3f5a664a57a5a7557a50e4e3cc2505c