CVE-2022-49878

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 01/05/2025
Last modified: 01/10/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

bpf, verifier: Fix memory leak in array reallocation for stack state

If an error (NULL) is returned by krealloc(), callers of realloc_array() were setting their allocation pointers to NULL, but on error krealloc() does not touch the original allocation. This would result in a memory resource leak. Instead, free the old allocation on the error handling path.

The memory leak information is as follows as also reported by Zhengchao:

unreferenced object 0xffff888019801800 (size 256):
  comm "bpf_repo", pid 6490, jiffies 4294959200 (age 17.170s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
  backtrace:
    [] __kmalloc_node_track_caller+0x45/0xc0
    [] krealloc+0x83/0xd0
    [] realloc_array+0x82/0xe2
    [] grow_stack_state+0xfb/0x186
    [] check_mem_access.cold+0x141/0x1341
    [] do_check_common+0x5358/0xb350
    [] bpf_check.cold+0xc3/0x29d
    [] bpf_prog_load+0x13db/0x2240
    [] __sys_bpf+0x1605/0x4ce0
    [] __x64_sys_bpf+0x75/0xb0
    [] do_syscall_64+0x35/0x80
    [] entry_SYSCALL_64_after_hwframe+0x63/0xcd
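The leak pattern described above, as an added userspace model that is not the kernel's code or the upstream patch: `xrealloc()`, `xfree()` and `leaked_after_failed_grow()` are hypothetical stand-ins for krealloc(), kfree() and a caller such as grow_stack_state(), with fault injection and an allocation counter so the leak can be measured.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-ins for krealloc()/kfree(): count live blocks, fail on demand. */
static int live_allocs;   /* blocks allocated and not yet freed */
static int fail_next;     /* when set, the next xrealloc() returns NULL */

static void *xrealloc(void *p, size_t n)
{
    if (fail_next) { fail_next = 0; return NULL; }  /* old block is untouched */
    void *q = realloc(p, n);
    if (q && !p) live_allocs++;
    return q;
}

static void xfree(void *p)
{
    if (p) { live_allocs--; free(p); }
}

/* Leaky shape: the NULL from a failed reallocation is handed straight back. */
static void *realloc_array_leaky(void *arr, size_t n, size_t size)
{
    return xrealloc(arr, n * size);
}

/* Fixed shape: free the old array on the error path, since the caller
 * overwrites its only pointer with the return value. */
static void *realloc_array_fixed(void *arr, size_t n, size_t size)
{
    void *q = xrealloc(arr, n * size);
    if (!q) xfree(arr);
    return q;
}

/* Models a caller doing "ptr = realloc_array(ptr, ...)"; returns blocks leaked. */
static int leaked_after_failed_grow(void *(*grow)(void *, size_t, size_t))
{
    live_allocs = 0;
    void *stack = grow(NULL, 4, 8);   /* initial allocation succeeds */
    void *orig = stack;               /* kept only to clean up after measuring */
    fail_next = 1;
    stack = grow(stack, 8, 8);        /* fails: caller's pointer is now NULL */
    xfree(stack);                     /* normal cleanup frees NULL: a no-op */
    int leaked = live_allocs;
    if (leaked) free(orig);           /* release the orphaned block */
    return leaked;
}

int main(void)
{
    printf("leaky: %d leaked\n", leaked_after_failed_grow(realloc_array_leaky));
    printf("fixed: %d leaked\n", leaked_after_failed_grow(realloc_array_fixed));
    return 0;
}
```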

Vulnerable products and versions

CPE                                                 From                Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*        5.14 (including)    5.15.79 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*        5.16 (including)    6.0.9 (excluding)
cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*