CVE-2022-49873

Severity CVSS v4.0: Pending analysis
Type: CWE-704 Incorrect Type Conversion or Cast
Publication date: 01/05/2025
Last modified: 01/10/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix wrong reg type conversion in release_reference()

Some helper functions will allocate memory. To avoid memory leaks, the verifier requires the eBPF program to release these memories by calling the corresponding helper functions.

When a resource is released, all pointer registers corresponding to the resource should be invalidated. The verifier uses release_references() to do this job, by applying __mark_reg_unknown() to each relevant register.

It will give these registers the type of SCALAR_VALUE. The result is a register that will contain a pointer value at runtime but is of type SCALAR_VALUE, which may allow the unprivileged user to get a kernel pointer by storing this register into a map.

Using __mark_reg_not_init() while NOT allow_ptr_leaks can mitigate this problem.
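The type-tracking flaw described above can be seen in a small model, added here as an illustration and not taken from the kernel source. The struct, the function names and the three-type register model are assumptions that reduce the verifier to the one decision the advisory discusses.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model of verifier register state; not the kernel's structures. */
enum reg_type { NOT_INIT, SCALAR_VALUE, PTR_TO_MEM };
struct reg { enum reg_type type; int ref_obj_id; /* 0 = not tied to a resource */ };
#define NREGS 4

/* Pre-fix behaviour: registers tied to the released resource become scalars. */
static void release_before(struct reg *regs, int id)
{
    for (int i = 0; i < NREGS; i++)
        if (regs[i].ref_obj_id == id)
            regs[i] = (struct reg){ SCALAR_VALUE, 0 };
}

/* Mitigation from the advisory: mark them uninitialised unless allow_ptr_leaks. */
static void release_after(struct reg *regs, int id, bool allow_ptr_leaks)
{
    for (int i = 0; i < NREGS; i++)
        if (regs[i].ref_obj_id == id)
            regs[i] = (struct reg){ allow_ptr_leaks ? SCALAR_VALUE : NOT_INIT, 0 };
}

/* Modelled map-store check: uninitialised registers are unreadable, scalars
 * may always be stored, pointers only when allow_ptr_leaks is set. */
static bool store_to_map_allowed(const struct reg *r, bool allow_ptr_leaks)
{
    if (r->type == NOT_INIT)
        return false;
    return r->type == SCALAR_VALUE || allow_ptr_leaks;
}

/* r1 and r2 alias resource 7 (constructed state); after release, may r2,
 * which still holds the address at runtime, be stored into a map? */
static bool stale_pointer_storable(bool fixed, bool allow_ptr_leaks)
{
    struct reg regs[NREGS] = { {NOT_INIT, 0}, {PTR_TO_MEM, 7}, {PTR_TO_MEM, 7}, {SCALAR_VALUE, 0} };
    if (fixed)
        release_after(regs, 7, allow_ptr_leaks);
    else
        release_before(regs, 7);
    return store_to_map_allowed(&regs[2], allow_ptr_leaks);
}

int main(void)
{
    printf("pre-fix, unprivileged:  store allowed = %d\n", stale_pointer_storable(false, false));
    printf("post-fix, unprivileged: store allowed = %d\n", stale_pointer_storable(true, false));
    return 0;
}
```

In the model, the pre-fix path lets the unprivileged store through because the stale pointer is typed as a scalar, while the post-fix path rejects it at the register-read check.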

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.20 (including) 5.10.155 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.15.79 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 6.0.9 (excluding)
cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*