VYPR
Medium severity5.5NVD Advisory· Published May 1, 2025· Updated Jun 17, 2026

CVE-2022-49873

CVE-2022-49873

Description

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix wrong reg type conversion in release_reference()

Some helper functions will allocate memory. To avoid memory leaks, the verifier requires the eBPF program to release these memories by calling the corresponding helper functions.

When a resource is released, all pointer registers corresponding to the resource should be invalidated. The verifier use release_references() to do this job, by apply __mark_reg_unknown() to each relevant register.

It will give these registers the type of SCALAR_VALUE. A register that will contain a pointer value at runtime, but of type SCALAR_VALUE, which may allow the unprivileged user to get a kernel pointer by storing this register into a map.

Using __mark_reg_not_init() while NOT allow_ptr_leaks can mitigate this problem.

Affected products

3

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.