DEBIAN-CVE-2022-49873
- Source
- https://security-tracker.debian.org/tracker/CVE-2022-49873
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2022-49873.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2022-49873
- Upstream
- Published
- 2025-05-01T15:16:12Z
- Modified
- 2025-09-19T07:33:02.848599Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix wrong reg type conversion in releasereference() Some helper functions will allocate memory. To avoid memory leaks, the verifier requires the eBPF program to release these memories by calling the corresponding helper functions. When a resource is released, all pointer registers corresponding to the resource should be invalidated. The verifier use releasereferences() to do this job, by apply _markregunknown() to each relevant register. It will give these registers the type of SCALARVALUE. A register that will contain a pointer value at runtime, but of type SCALARVALUE, which may allow the unprivileged user to get a kernel pointer by storing this register into a map. Using _markregnotinit() while NOT allowptr_leaks can mitigate this problem.
- References
Affected packages
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.10.158-1
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source