2320776 – (CVE-2022-49030) CVE-2022-49030 kernel: libbpf: Handle size overflow for ringbuf mmap

Bug 2320776 (CVE-2022-49030) - CVE-2022-49030 kernel: libbpf: Handle size overflow for ringbuf mmap

Summary: CVE-2022-49030 kernel: libbpf: Handle size overflow for ringbuf mmap

Keywords:
Status:	NEW
Alias:	CVE-2022-49030
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2024-10-21 22:03 UTC by OSIDB Bzimport
Modified:	2024-10-26 04:54 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2024-10-21 22:03:32 UTC

In the Linux kernel, the following vulnerability has been resolved:

libbpf: Handle size overflow for ringbuf mmap

The maximum size of ringbuf is 2GB on x86-64 host, so 2 * max_entries
will overflow u32 when mapping producer page and data pages. Only
casting max_entries to size_t is not enough, because for 32-bits
application on 64-bits kernel the size of read-only mmap region
also could overflow size_t.

So fixing it by casting the size of read-only mmap region into a __u64
and checking whether or not there will be overflow during mmap.

Comment 1 Avinash Hanwate 2024-10-22 05:43:30 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024102155-CVE-2022-49030-cee8@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.