CVE-2022-49797
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
01/05/2025
Last modified:
02/05/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in kprobe_event_gen_test_exit()<br />
<br />
When trace_get_event_file() failed, gen_kretprobe_test will be assigned<br />
as the error code. If module kprobe_event_gen_test is removed now, the<br />
null pointer dereference will happen in kprobe_event_gen_test_exit().<br />
Check if gen_kprobe_test or gen_kretprobe_test is error code or NULL<br />
before dereference them.<br />
<br />
BUG: kernel NULL pointer dereference, address: 0000000000000012<br />
PGD 0 P4D 0<br />
Oops: 0000 [#1] SMP PTI<br />
CPU: 3 PID: 2210 Comm: modprobe Not tainted<br />
6.1.0-rc1-00171-g2159299a3b74-dirty #217<br />
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS<br />
rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014<br />
RIP: 0010:kprobe_event_gen_test_exit+0x1c/0xb5 [kprobe_event_gen_test]<br />
Code: Unable to access opcode bytes at 0xffffffff9ffffff2.<br />
RSP: 0018:ffffc900015bfeb8 EFLAGS: 00010246<br />
RAX: ffffffffffffffea RBX: ffffffffa0002080 RCX: 0000000000000000<br />
RDX: ffffffffa0001054 RSI: ffffffffa0001064 RDI: ffffffffdfc6349c<br />
RBP: ffffffffa0000000 R08: 0000000000000004 R09: 00000000001e95c0<br />
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000800<br />
R13: ffffffffa0002420 R14: 0000000000000000 R15: 0000000000000000<br />
FS: 00007f56b75be540(0000) GS:ffff88813bc00000(0000)<br />
knlGS:0000000000000000<br />
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br />
CR2: ffffffff9ffffff2 CR3: 000000010874a006 CR4: 0000000000330ee0<br />
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000<br />
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400<br />
Call Trace:<br />
<br />
__x64_sys_delete_module+0x206/0x380<br />
? lockdep_hardirqs_on_prepare+0xd8/0x190<br />
? syscall_enter_from_user_mode+0x1c/0x50<br />
do_syscall_64+0x3f/0x90<br />
entry_SYSCALL_64_after_hwframe+0x63/0xcd