Message-ID: <2025123025-CVE-2022-50883-09fa@gregkh>
Date: Tue, 30 Dec 2025 13:23:32 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2022-50883: bpf: Prevent decl_tag from being referenced in func_proto arg

From: Greg Kroah-Hartman <gregkh@...nel.org>

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

bpf: Prevent decl_tag from being referenced in func_proto arg

Syzkaller managed to hit another decl_tag issue:

  btf_func_proto_check kernel/bpf/btf.c:4506 [inline]
  btf_check_all_types kernel/bpf/btf.c:4734 [inline]
  btf_parse_type_sec+0x1175/0x1980 kernel/bpf/btf.c:4763
  btf_parse kernel/bpf/btf.c:5042 [inline]
  btf_new_fd+0x65a/0xb00 kernel/bpf/btf.c:6709
  bpf_btf_load+0x6f/0x90 kernel/bpf/syscall.c:4342
  __sys_bpf+0x50a/0x6c0 kernel/bpf/syscall.c:5034
  __do_sys_bpf kernel/bpf/syscall.c:5093 [inline]
  __se_sys_bpf kernel/bpf/syscall.c:5091 [inline]
  __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5091
  do_syscall_64+0x54/0x70 arch/x86/entry/common.c:48

This seems similar to commit ea68376c8bed ("bpf: prevent decl_tag from being
referenced in func_proto") but for the argument.

The Linux kernel CVE team has assigned CVE-2022-50883 to this issue.


Affected and fixed versions
===========================

	Fixed in 5.4.229 with commit 89357aa97b521fca76e39d81e2b1ac5edb3d0b96
	Fixed in 5.10.163 with commit 329a76635548ee8fceb3b78c7d54d96524e80925
	Fixed in 5.15.86 with commit b327c68ace71ba9cb3105ae6a5955a229e9bdca3
	Fixed in 6.0.16 with commit 3f3d54962a032581996edda8e6bcbf7a30371234
	Fixed in 6.1.2 with commit e6d276dcc9204f95632580c43d66c52ca502d7ec
	Fixed in 6.2 with commit f17472d4599697d701aa239b4c475a506bccfd19

Please see https://www.kernel.org for a full list of the kernel versions
currently supported by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2022-50883
will be updated if fixes are backported; please check that for the most
up-to-date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	kernel/bpf/btf.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If, however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/89357aa97b521fca76e39d81e2b1ac5edb3d0b96
	https://git.kernel.org/stable/c/329a76635548ee8fceb3b78c7d54d96524e80925
	https://git.kernel.org/stable/c/b327c68ace71ba9cb3105ae6a5955a229e9bdca3
	https://git.kernel.org/stable/c/3f3d54962a032581996edda8e6bcbf7a30371234
	https://git.kernel.org/stable/c/e6d276dcc9204f95632580c43d66c52ca502d7ec
	https://git.kernel.org/stable/c/f17472d4599697d701aa239b4c475a506bccfd19
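
A check of a kernel release string against the versions listed under
"Affected and fixed versions" above, as an added example that is not part
of the original advisory. The function name and status labels are
assumptions, and it assumes kernel.org version numbering: distribution
kernels that backport fixes without changing the upstream version cannot
be judged this way.

```shell
#!/bin/sh
# Added example: compare a kernel release string with the fixed versions
# listed in the advisory. Function and variable names are assumptions.

# "<stable branch> <first patch level with the fix>", copied from the advisory.
# Mainline 6.2 is handled separately below.
FIXED_TABLE="5.4 229
5.10 163
5.15 86
6.0 16
6.1 2"

# Prints: fixed | missing-fix | unknown
#   fixed        at or past the fixed release of its branch, or 6.2 and later
#   missing-fix  branch is listed above but the release predates its fix
#   unknown      branch not listed, 6.2 release candidate, or unparsable input
cve_2022_50883_status() {
    case $1 in
        # The advisory does not say which 6.2-rc first carried the fix.
        6.2-rc*|6.2.0-rc*) echo unknown; return 0 ;;
    esac
    rel=${1%%[-+_]*}              # drop local suffix: 6.1.1-custom -> 6.1.1
    major=${rel%%.*}
    rest=${rel#*.}
    if [ "$rest" = "$rel" ]; then echo unknown; return 0; fi   # no dot at all
    minor=${rest%%.*}
    patch=0
    if [ "$rest" != "$minor" ]; then patch=${rest#*.}; patch=${patch%%.*}; fi
    for n in "$major" "$minor" "$patch"; do
        case $n in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    done
    if [ "$major" -gt 6 ] || { [ "$major" -eq 6 ] && [ "$minor" -ge 2 ]; }; then
        echo fixed; return 0
    fi
    while read -r branch fixed_patch; do
        if [ "$branch" = "$major.$minor" ]; then
            if [ "$patch" -ge "$fixed_patch" ]; then echo fixed; else echo missing-fix; fi
            return 0
        fi
    done <<EOF
$FIXED_TABLE
EOF
    echo unknown
}

# Report on the running kernel when executed directly.
printf '%s: %s\n' "$(uname -r)" "$(cve_2022_50883_status "$(uname -r)")"
```

"unknown" is returned for branches the advisory does not list (for example
4.19 or 5.11), because the advisory does not state where the bug was introduced.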
