CVE-2022-50883

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> bpf: Prevent decl_tag from being referenced in func_proto arg<br /> <br /> Syzkaller managed to hit another decl_tag issue:<br /> <br /> btf_func_proto_check kernel/bpf/btf.c:4506 [inline]<br /> btf_check_all_types kernel/bpf/btf.c:4734 [inline]<br /> btf_parse_type_sec+0x1175/0x1980 kernel/bpf/btf.c:4763<br /> btf_parse kernel/bpf/btf.c:5042 [inline]<br /> btf_new_fd+0x65a/0xb00 kernel/bpf/btf.c:6709<br /> bpf_btf_load+0x6f/0x90 kernel/bpf/syscall.c:4342<br /> __sys_bpf+0x50a/0x6c0 kernel/bpf/syscall.c:5034<br /> __do_sys_bpf kernel/bpf/syscall.c:5093 [inline]<br /> __se_sys_bpf kernel/bpf/syscall.c:5091 [inline]<br /> __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5091<br /> do_syscall_64+0x54/0x70 arch/x86/entry/common.c:48<br /> <br /> This seems similar to commit ea68376c8bed ("bpf: prevent decl_tag from being<br /> referenced in func_proto") but for the argument.