Bug 2043520 (CVE-2022-23222) - CVE-2022-23222 kernel: local privileges escalation in kernel/bpf/verifier.c
Summary: CVE-2022-23222 kernel: local privileges escalation in kernel/bpf/verifier.c
Keywords:
Status: NEW
Alias: CVE-2022-23222
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2043521 2053105 2053106 2053107 2053108
Blocks: 2043522
TreeView+ depends on / blocked
 
Reported: 2022-01-21 12:53 UTC by Marian Rehak
Modified: 2024-02-08 16:51 UTC (History)
40 users (show)

Fixed In Version: kernel 5.17 rc1
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel's adjust_ptr_min_max_vals in the kernel/bpf/verifier.c function. In this flaw, a missing sanity check for *_OR_NULL pointer types that perform pointer arithmetic may cause a kernel information leak issue.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2024:0724 0 None None None 2024-02-07 16:28:17 UTC

Description Marian Rehak 2022-01-21 12:53:59 UTC 
Local privileges escalation possible because of the availability of pointer arithmetic via certain *_OR_NULL pointer types in kernel/bpf/verifier.c.

Reference:

https://www.openwall.com/lists/oss-security/2022/01/13/1
Comment 1 Marian Rehak 2022-01-21 12:54:22 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2043521]
Comment 18 errata-xmlrpc 2024-02-07 16:28:15 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:0724 https://access.redhat.com/errata/RHSA-2024:0724
Note You need to log in before you can comment on or make changes to this bug.