{ "threat_severity" : "Moderate", "public_date" : "2025-05-01T00:00:00Z", "bugzilla" : { "description" : "kernel: bpf, verifier: Fix memory leak in array reallocation for stack state", "id" : "2363443", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2363443" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-401", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nbpf, verifier: Fix memory leak in array reallocation for stack state\nIf an error (NULL) is returned by krealloc(), callers of realloc_array()\nwere setting their allocation pointers to NULL, but on error krealloc()\ndoes not touch the original allocation. This would result in a memory\nresource leak. Instead, free the old allocation on the error handling\npath.\nThe memory leak information is as follows as also reported by Zhengchao:\nunreferenced object 0xffff888019801800 (size 256):\ncomm \"bpf_repo\", pid 6490, jiffies 4294959200 (age 17.170s)\nhex dump (first 32 bytes):\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\nbacktrace:\n[<00000000b211474b>] __kmalloc_node_track_caller+0x45/0xc0\n[<0000000086712a0b>] krealloc+0x83/0xd0\n[<00000000139aab02>] realloc_array+0x82/0xe2\n[<00000000b1ca41d1>] grow_stack_state+0xfb/0x186\n[<00000000cd6f36d2>] check_mem_access.cold+0x141/0x1341\n[<0000000081780455>] do_check_common+0x5358/0xb350\n[<0000000015f6b091>] bpf_check.cold+0xc3/0x29d\n[<000000002973c690>] bpf_prog_load+0x13db/0x2240\n[<00000000028d1644>] __sys_bpf+0x1605/0x4ce0\n[<00000000053f29bd>] __x64_sys_bpf+0x75/0xb0\n[<0000000056fedaf5>] do_syscall_64+0x35/0x80\n[<000000002bd58261>] entry_SYSCALL_64_after_hwframe+0x63/0xcd", "A flaw was found in the eBPF subsystem in the Linux kernel. An incorrect logic in a helper function for memory reallocation can cause memory leaks when a memory allocation error occurs, potentially leading to system instability and a denial of service." ], "statement" : "This issue has been fixed in Red Hat Enterprise Linux 9.3 via RHSA-2023:6583 [1].\n[1]. https://access.redhat.com/errata/RHSA-2023:6583", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-11-07T00:00:00Z", "advisory" : "RHSA-2023:6583", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-362.8.1.el9_3" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-11-07T00:00:00Z", "advisory" : "RHSA-2023:6583", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-362.8.1.el9_3" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Out of support scope", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-49878\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49878\nhttps://lore.kernel.org/linux-cve-announce/2025050153-CVE-2022-49878-1e05@gregkh/T" ], "name" : "CVE-2022-49878", "csaw" : false }