{
  "threat_severity" : "Moderate",
  "public_date" : "2025-05-01T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: bpf: Fix memory leaks in __check_func_call",
    "id" : "2363505",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2363505"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-401",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nbpf: Fix memory leaks in __check_func_call\nkmemleak reports this issue:\nunreferenced object 0xffff88817139d000 (size 2048):\ncomm \"test_progs\", pid 33246, jiffies 4307381979 (age 45851.820s)\nhex dump (first 32 bytes):\n01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\nbacktrace:\n[<0000000045f075f0>] kmalloc_trace+0x27/0xa0\n[<0000000098b7c90a>] __check_func_call+0x316/0x1230\n[<00000000b4c3c403>] check_helper_call+0x172e/0x4700\n[<00000000aa3875b7>] do_check+0x21d8/0x45e0\n[<000000001147357b>] do_check_common+0x767/0xaf0\n[<00000000b5a595b4>] bpf_check+0x43e3/0x5bc0\n[<0000000011e391b1>] bpf_prog_load+0xf26/0x1940\n[<0000000007f765c0>] __sys_bpf+0xd2c/0x3650\n[<00000000839815d6>] __x64_sys_bpf+0x75/0xc0\n[<00000000946ee250>] do_syscall_64+0x3b/0x90\n[<0000000000506b7f>] entry_SYSCALL_64_after_hwframe+0x63/0xcd\nThe root cause here is: In function prepare_func_exit(), the callee is\nnot released in the abnormal scenario after \"state->curframe--;\". To\nfix, move \"state->curframe--;\" to the very bottom of the function,\nright when we free callee and reset frame[] pointer to NULL, as Andrii\nsuggested.\nIn addition, function __check_func_call() has a similar problem. In\nthe abnormal scenario before \"state->curframe++;\", the callee also\nshould be released by free_func_state()." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-49837\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49837\nhttps://lore.kernel.org/linux-cve-announce/2025050139-CVE-2022-49837-c13b@gregkh/T" ],
  "name" : "CVE-2022-49837",
  "csaw" : false
}