AZL-68687

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-68687.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-68687

Upstream

CVE-2022-49552

Published

2025-02-26T07:01:31Z

Modified

2026-04-01T05:21:28.246301Z

Summary

CVE-2022-49552 affecting package kernel 5.15.200.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix combination of jit blinding and pointers to bpf subprogs.

The combination of jit blinding and pointers to bpf subprogs causes: [ 36.989548] BUG: unable to handle page fault for address: 0000000100000001 [ 36.990342] #PF: supervisor instruction fetch in kernel mode [ 36.990968] #PF: errorcode(0x0010) - not-present page [ 36.994859] RIP: 0010:0x100000001 [ 36.995209] Code: Unable to access opcode bytes at RIP 0xffffffd7. [ 37.004091] Call Trace: [ 37.004351] <TASK> [ 37.004576] ? bpfloop+0x4d/0x70 [ 37.004932] ? bpfprog3899083f75e4c5de_F+0xe3/0x13b

The jit blinding logic didn't recognize that ldimm64 with an address of bpf subprogram is a special instruction and proceeded to randomize it. By itself it wouldn't have been an issue, but jitsubprogs() logic relies on two step process to JIT all subprogs and then JIT them again when addresses of all subprogs are known. Blinding process in the first JIT phase caused second JIT to miss adjustment of special ld_imm64.

Fix this issue by ignoring special ld_imm64 instructions that don't have user controlled constants and shouldn't be blinded.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-49552

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

5.15.200.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-68687.json"