CVE-2022-49799

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-49799
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49799.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-49799
Downstream
Related
Published
2025-05-01T15:16:03Z
Modified
2025-08-09T20:01:28Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

tracing: Fix wild-memory-access in registersynthevent()

In registersynthevent(), if setsyntheventprintfmt() failed, then both traceremoveeventcall() and unregistertraceevent() will be called, which means the traceeventcall will call _unregistertraceevent() twice. As the result, the second unregister will causes the wild-memory-access.

registersynthevent setsyntheventprintfmt failed traceremoveeventcall eventremove if call->event.funcs then _unregistertraceevent (first call) unregistertraceevent _unregistertraceevent (second call)

Fix the bug by avoiding to call the second _unregistertrace_event() by checking if the first one is called.

general protection fault, probably for non-canonical address 0xfbd59c0000000024: 0000 [#1] SMP KASAN PTI KASAN: maybe wild-memory-access in range [0xdead000000000120-0xdead000000000127] CPU: 0 PID: 3807 Comm: modprobe Not tainted 6.1.0-rc1-00186-g76f33a7eedb4 #299 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014 RIP: 0010:unregistertraceevent+0x6e/0x280 Code: 00 fc ff df 4c 89 ea 48 c1 ea 03 80 3c 02 00 0f 85 0e 02 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 63 08 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 0f 85 e2 01 00 00 49 89 2c 24 48 85 ed 74 28 e8 7a 9b RSP: 0018:ffff88810413f370 EFLAGS: 00010a06 RAX: dffffc0000000000 RBX: ffff888105d050b0 RCX: 0000000000000000 RDX: 1bd5a00000000024 RSI: ffff888119e276e0 RDI: ffffffff835a8b20 RBP: dead000000000100 R08: 0000000000000000 R09: fffffbfff0913481 R10: ffffffff8489a407 R11: fffffbfff0913480 R12: dead000000000122 R13: ffff888105d050b8 R14: 0000000000000000 R15: ffff888105d05028 FS: 00007f7823e8d540(0000) GS:ffff888119e00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f7823e7ebec CR3: 000000010a058002 CR4: 0000000000330ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> _createsynthevent+0x1e37/0x1eb0 createordeletesynthevent+0x110/0x250 syntheventruncommand+0x2f/0x110 testgensynthcmd+0x170/0x2eb [syntheventgentest] syntheventgentestinit+0x76/0x9bc [syntheventgentest] dooneinitcall+0xdb/0x480 doinitmodule+0x1cf/0x680 loadmodule+0x6a50/0x70a0 _dosysfinitmodule+0x12f/0x1c0 dosyscall64+0x3f/0x90 entrySYSCALL64afterhwframe+0x63/0xcd

References

Affected packages