CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-48929

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix crash due to out of bounds access into reg2btf_ids. When commit e6ac2450d6de ("bpf: Support bpf program calling kernel function") added kfunc support, it defined reg2btf_ids as a cheap way to translate the verifier reg type to the appropriate btf_vmlinux BTF ID, however commit c25b2ae13603 ("bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL") moved the __BPF_REG_TYPE_MAX from the last member of bpf_reg_type enum to after the base register types, and defined other variants using type flag composition. However, now, the direct usage of reg->type to index into reg2btf_ids may no longer fall into __BPF_REG_TYPE_MAX range, and hence lead to out of bounds access and kernel crash on dereference of bad pointer.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 2.6%

CVSS Severity

CVSS v3 Score 5.5

References

Products affected by CVE-2022-48929

Linux » Linux Kernel » Version: 5.15.15

cpe:2.3:o:linux:linux_kernel:5.15.15
Linux » Linux Kernel » Version: 5.15.16

cpe:2.3:o:linux:linux_kernel:5.15.16
Linux » Linux Kernel » Version: 5.15.17

cpe:2.3:o:linux:linux_kernel:5.15.17
Linux » Linux Kernel » Version: 5.15.18

cpe:2.3:o:linux:linux_kernel:5.15.18
Linux » Linux Kernel » Version: 5.15.19

cpe:2.3:o:linux:linux_kernel:5.15.19
Linux » Linux Kernel » Version: 5.15.20

cpe:2.3:o:linux:linux_kernel:5.15.20
Linux » Linux Kernel » Version: 5.15.21

cpe:2.3:o:linux:linux_kernel:5.15.21
Linux » Linux Kernel » Version: 5.15.22

cpe:2.3:o:linux:linux_kernel:5.15.22
Linux » Linux Kernel » Version: 5.15.23

cpe:2.3:o:linux:linux_kernel:5.15.23
Linux » Linux Kernel » Version: 5.15.24

cpe:2.3:o:linux:linux_kernel:5.15.24
Linux » Linux Kernel » Version: 5.15.25

cpe:2.3:o:linux:linux_kernel:5.15.25
Linux » Linux Kernel » Version: 5.15.26

cpe:2.3:o:linux:linux_kernel:5.15.26
Linux » Linux Kernel » Version: 5.15.27

cpe:2.3:o:linux:linux_kernel:5.15.27
Linux » Linux Kernel » Version: 5.15.28

cpe:2.3:o:linux:linux_kernel:5.15.28
Linux » Linux Kernel » Version: 5.15.29

cpe:2.3:o:linux:linux_kernel:5.15.29
Linux » Linux Kernel » Version: 5.15.30

cpe:2.3:o:linux:linux_kernel:5.15.30
Linux » Linux Kernel » Version: 5.15.31

cpe:2.3:o:linux:linux_kernel:5.15.31
Linux » Linux Kernel » Version: 5.15.32

cpe:2.3:o:linux:linux_kernel:5.15.32
Linux » Linux Kernel » Version: 5.15.33

cpe:2.3:o:linux:linux_kernel:5.15.33
Linux » Linux Kernel » Version: 5.15.34

cpe:2.3:o:linux:linux_kernel:5.15.34
Linux » Linux Kernel » Version: 5.15.35

cpe:2.3:o:linux:linux_kernel:5.15.35
Linux » Linux Kernel » Version: 5.15.36

cpe:2.3:o:linux:linux_kernel:5.15.36
Linux » Linux Kernel » Version: 5.16.1

cpe:2.3:o:linux:linux_kernel:5.16.1
Linux » Linux Kernel » Version: 5.16.10

cpe:2.3:o:linux:linux_kernel:5.16.10
Linux » Linux Kernel » Version: 5.16.11

cpe:2.3:o:linux:linux_kernel:5.16.11
Linux » Linux Kernel » Version: 5.16.2

cpe:2.3:o:linux:linux_kernel:5.16.2
Linux » Linux Kernel » Version: 5.16.3

cpe:2.3:o:linux:linux_kernel:5.16.3
Linux » Linux Kernel » Version: 5.16.4

cpe:2.3:o:linux:linux_kernel:5.16.4
Linux » Linux Kernel » Version: 5.16.5

cpe:2.3:o:linux:linux_kernel:5.16.5
Linux » Linux Kernel » Version: 5.16.6

cpe:2.3:o:linux:linux_kernel:5.16.6
Linux » Linux Kernel » Version: 5.16.7

cpe:2.3:o:linux:linux_kernel:5.16.7
Linux » Linux Kernel » Version: 5.16.8

cpe:2.3:o:linux:linux_kernel:5.16.8
Linux » Linux Kernel » Version: 5.16.9

cpe:2.3:o:linux:linux_kernel:5.16.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-48929

Products

Pricing

Contact Us