CVE-2022-50219

Severity CVSS v4.0: Pending analysis
Type: CWE-416 Use After Free
Publication date: 18/06/2025
Last modified: 19/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix KASAN use-after-free Read in compute_effective_progs

Syzbot found a Use After Free bug in compute_effective_progs(). The reproducer creates a number of BPF links, and causes a fault injected alloc to fail, while calling bpf_link_detach on them. Link detach triggers the link to be freed by bpf_link_free(), which calls __cgroup_bpf_detach() and update_effective_progs(). If the memory allocation in this function fails, the function restores the pointer to the bpf_cgroup_link on the cgroup list, but the memory gets freed just after it returns. After this, every subsequent call to update_effective_progs() causes this already deallocated pointer to be dereferenced in prog_list_length(), and triggers KASAN UAF error.

To fix this issue don't preserve the pointer to the prog or link in the list, but remove it and replace it with a dummy prog without shrinking the table. The subsequent call to __cgroup_bpf_detach() or __cgroup_bpf_detach() will correct it.

Vulnerable products and versions

CPE                                            From               Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   5.7 (including)    5.10.138 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   5.11 (including)   5.15.61 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   5.16 (including)   5.18.18 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   5.19 (including)   5.19.2 (excluding)
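The ranges in the table above can be checked against a kernel release string with the following added example, which is not part of the advisory. It assumes the string (for example the output of `uname -r`) carries the upstream stable version; the function names and sample releases are constructed for illustration.

```python
import re
import sys

# Affected ranges from the table above, as half-open intervals:
# (first affected release, first fixed release).
AFFECTED = [
    ((5, 7, 0), (5, 10, 138)),
    ((5, 11, 0), (5, 15, 61)),
    ((5, 16, 0), (5, 18, 18)),
    ((5, 19, 0), (5, 19, 2)),
]


def parse_release(release):
    """Turn a release string such as '5.15.60-generic' into (5, 15, 60)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if m is None:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    # A missing patch level ('5.7') is treated as 0.
    return tuple(int(g) if g else 0 for g in m.groups())


def in_affected_range(release):
    """Return the matching (start, fixed) range, or None if outside all ranges."""
    version = parse_release(release)
    for start, fixed in AFFECTED:
        if start <= version < fixed:
            return start, fixed
    return None


def report(release):
    """One-line verdict for a release string."""
    hit = in_affected_range(release)
    if hit is None:
        return f"{release}: outside the listed ranges"
    fixed = ".".join(map(str, hit[1]))
    return f"{release}: in an affected range, first fixed upstream release is {fixed}"


if __name__ == "__main__":
    # Releases given on the command line, or constructed samples if none.
    samples = ["5.4.200", "5.10.137", "5.10.138", "5.15.60-generic", "5.19.1", "6.1.0"]
    for rel in sys.argv[1:] or samples:
        print(report(rel))
```

A match is a prompt to check the vendor's advisory rather than a final verdict: distribution kernels often backport fixes without changing the upstream version number, and some report a release string that does not include the stable patch level.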