CVE-2022-49548
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-49548
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49548.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-49548
- Downstream
- Related
- Published
- 2025-02-26T02:13:59Z
- Modified
- 2025-10-21T10:49:03.027919Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- bpf: Fix potential array overflow in bpf_trampoline_get_progs()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix potential array overflow in bpftrampolineget_progs()
The cnt value in the 'cnt >= BPFMAXTRAMPPROGS' check does not include BPFTRAMPMODIFYRETURN bpf programs, so the number of the attached BPFTRAMPMODIFYRETURN bpf programs in a trampoline can exceed BPFMAXTRAMPPROGS.
When this happens, the assignment '*progs++ = aux->prog' in bpftrampolinegetprogs() will cause progs array overflow as the progs field in the bpftrampprogs struct can only hold at most BPFMAXTRAMPPROGS bpf programs.
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/32c4559c61652f24c9fdd5440342196fe37453bc
- https://git.kernel.org/stable/c/4f8897bcc20b9ae44758e0572538d741ab66f0dc
- https://git.kernel.org/stable/c/7f845de2863334bed4f362e95853f5e7bc323737
- https://git.kernel.org/stable/c/a2aa95b71c9bbec793b5c5fa50f0a80d882b3e8d
- https://git.kernel.org/stable/c/e36452d5da6325df7c10cffc60a9e68d21e2606d
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced88fd9e5352fe05f7fe57778293aebd4cd106960bFixed7f845de2863334bed4f362e95853f5e7bc323737
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced88fd9e5352fe05f7fe57778293aebd4cd106960bFixede36452d5da6325df7c10cffc60a9e68d21e2606d
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced88fd9e5352fe05f7fe57778293aebd4cd106960bFixed32c4559c61652f24c9fdd5440342196fe37453bc
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced88fd9e5352fe05f7fe57778293aebd4cd106960bFixed4f8897bcc20b9ae44758e0572538d741ab66f0dc
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced88fd9e5352fe05f7fe57778293aebd4cd106960bFixeda2aa95b71c9bbec793b5c5fa50f0a80d882b3e8d
Affected versions
v5.*
v5.10
v5.10-rc1
v5.10-rc2
v5.10-rc3
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.10.1
v5.10.10
v5.10.100
v5.10.101
v5.10.102
v5.10.103
v5.10.104
v5.10.105
v5.10.106
v5.10.107
v5.10.108
v5.10.109
v5.10.11
v5.10.110
v5.10.111
v5.10.112
v5.10.113
v5.10.114
v5.10.115
v5.10.116
v5.10.117
v5.10.118
v5.10.119
v5.10.12
v5.10.13
v5.10.14
v5.10.15
v5.10.16
v5.10.17
v5.10.18
v5.10.19
v5.10.2
v5.10.20
v5.10.21
v5.10.22
v5.10.23
v5.10.24
v5.10.25
v5.10.26
v5.10.27
v5.10.28
v5.10.29
v5.10.3
v5.10.30
v5.10.31
v5.10.32
v5.10.33
v5.10.34
v5.10.35
v5.10.36
v5.10.37
v5.10.38
v5.10.39
v5.10.4
v5.10.40
v5.10.41
v5.10.42
v5.10.43
v5.10.44
v5.10.45
v5.10.46
v5.10.47
v5.10.48
v5.10.49
v5.10.5
v5.10.50
v5.10.51
v5.10.52
v5.10.53
v5.10.54
v5.10.55
v5.10.56
v5.10.57
v5.10.58
v5.10.59
v5.10.6
v5.10.60
v5.10.61
v5.10.62
v5.10.63
v5.10.64
v5.10.65
v5.10.66
v5.10.67
v5.10.68
v5.10.69
v5.10.7
v5.10.70
v5.10.71
v5.10.72
v5.10.73
v5.10.74
v5.10.75
v5.10.76
v5.10.77
v5.10.78
v5.10.79
v5.10.8
v5.10.80
v5.10.81
v5.10.82
v5.10.83
v5.10.84
v5.10.85
v5.10.86
v5.10.87
v5.10.88
v5.10.89
v5.10.9
v5.10.90
v5.10.91
v5.10.92
v5.10.93
v5.10.94
v5.10.95
v5.10.96
v5.10.97
v5.10.98
v5.10.99
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.29
v5.15.3
v5.15.30
v5.15.31
v5.15.32
v5.15.33
v5.15.34
v5.15.35
v5.15.36
v5.15.37
v5.15.38
v5.15.39
v5.15.4
v5.15.40
v5.15.41
v5.15.42
v5.15.43
v5.15.44
v5.15.5
v5.15.6
v5.15.7
v5.15.8
v5.15.9
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.17.1
v5.17.10
v5.17.11
v5.17.12
v5.17.2
v5.17.3
v5.17.4
v5.17.5
v5.17.6
v5.17.7
v5.17.8
v5.17.9
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.18.1
v5.6
v5.6-rc4
v5.6-rc5
v5.6-rc6
v5.6-rc7
v5.7
v5.7-rc1
v5.7-rc2
v5.7-rc3
v5.7-rc4
v5.7-rc5
v5.7-rc6
v5.7-rc7
v5.8
v5.8-rc1
v5.8-rc2
v5.8-rc3
v5.8-rc4
v5.8-rc5
v5.8-rc6
v5.8-rc7
v5.9
v5.9-rc1
v5.9-rc2
v5.9-rc3
v5.9-rc4
v5.9-rc5
v5.9-rc6
v5.9-rc7
v5.9-rc8
Database specific
vanir_signatures
[
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e36452d5da6325df7c10cffc60a9e68d21e2606d",
"signature_version": "v1",
"digest": {
"line_hashes": [
"301615699986766578240363568666725848374",
"121197832042092980398806126554504247870",
"157266492360356756729641283318367549686",
"22301563294495285093439672435927773877",
"228560174464162209079630407811522533039",
"340056705499801710924014595700766847967",
"305335739198898969902872451636406068711",
"109867175353183464833377049202773286921",
"186363378051445914036558768831122770989",
"112013425631235479596958039866325002736",
"193724701572090863394601729735606138185",
"244748880995326103246735885127201384122",
"296813409857760956508118558209471572920",
"241183208543614056747008226884696357970",
"168405064713856846874135594463935451753",
"21623325247869079177970299631542131894",
"69849324079776749664028745682996852815",
"20480927464089386715094261787753404773",
"217541496058237730062858398098312813809",
"264219222872714071571350912718672324270",
"96033803673536499640760129914575649045",
"182321246685766345815205748875593329720"
],
"threshold": 0.9
},
"target": {
"file": "kernel/bpf/trampoline.c"
},
"id": "CVE-2022-49548-0ccb015e",
"deprecated": false,
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@32c4559c61652f24c9fdd5440342196fe37453bc",
"signature_version": "v1",
"digest": {
"line_hashes": [
"301615699986766578240363568666725848374",
"121197832042092980398806126554504247870",
"157266492360356756729641283318367549686",
"22301563294495285093439672435927773877",
"228560174464162209079630407811522533039",
"340056705499801710924014595700766847967",
"305335739198898969902872451636406068711",
"109867175353183464833377049202773286921",
"186363378051445914036558768831122770989",
"112013425631235479596958039866325002736",
"193724701572090863394601729735606138185",
"244748880995326103246735885127201384122",
"296813409857760956508118558209471572920",
"241183208543614056747008226884696357970",
"168405064713856846874135594463935451753",
"21623325247869079177970299631542131894",
"69849324079776749664028745682996852815",
"20480927464089386715094261787753404773",
"217541496058237730062858398098312813809",
"264219222872714071571350912718672324270",
"96033803673536499640760129914575649045",
"182321246685766345815205748875593329720"
],
"threshold": 0.9
},
"target": {
"file": "kernel/bpf/trampoline.c"
},
"id": "CVE-2022-49548-1168f2b2",
"deprecated": false,
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4f8897bcc20b9ae44758e0572538d741ab66f0dc",
"signature_version": "v1",
"digest": {
"function_hash": "34958413776297797364557840439996673704",
"length": 937.0
},
"target": {
"function": "bpf_trampoline_link_prog",
"file": "kernel/bpf/trampoline.c"
},
"id": "CVE-2022-49548-12d1a3c9",
"deprecated": false,
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7f845de2863334bed4f362e95853f5e7bc323737",
"signature_version": "v1",
"digest": {
"function_hash": "34958413776297797364557840439996673704",
"length": 937.0
},
"target": {
"function": "bpf_trampoline_link_prog",
"file": "kernel/bpf/trampoline.c"
},
"id": "CVE-2022-49548-1ebfaf52",
"deprecated": false,
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7f845de2863334bed4f362e95853f5e7bc323737",
"signature_version": "v1",
"digest": {
"function_hash": "293906494993082530402391941701887247221",
"length": 462.0
},
"target": {
"function": "bpf_trampoline_put",
"file": "kernel/bpf/trampoline.c"
},
"id": "CVE-2022-49548-32f4bbaf",
"deprecated": false,
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4f8897bcc20b9ae44758e0572538d741ab66f0dc",
"signature_version": "v1",
"digest": {
"line_hashes": [
"301615699986766578240363568666725848374",
"121197832042092980398806126554504247870",
"157266492360356756729641283318367549686",
"22301563294495285093439672435927773877",
"228560174464162209079630407811522533039",
"340056705499801710924014595700766847967",
"305335739198898969902872451636406068711",
"109867175353183464833377049202773286921",
"186363378051445914036558768831122770989",
"112013425631235479596958039866325002736",
"193724701572090863394601729735606138185",
"244748880995326103246735885127201384122",
"296813409857760956508118558209471572920",
"241183208543614056747008226884696357970",
"168405064713856846874135594463935451753",
"21623325247869079177970299631542131894",
"69849324079776749664028745682996852815",
"20480927464089386715094261787753404773",
"217541496058237730062858398098312813809",
"264219222872714071571350912718672324270",
"96033803673536499640760129914575649045",
"182321246685766345815205748875593329720"
],
"threshold": 0.9
},
"target": {
"file": "kernel/bpf/trampoline.c"
},
"id": "CVE-2022-49548-3f1e941f",
"deprecated": false,
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4f8897bcc20b9ae44758e0572538d741ab66f0dc",
"signature_version": "v1",
"digest": {
"function_hash": "293906494993082530402391941701887247221",
"length": 462.0
},
"target": {
"function": "bpf_trampoline_put",
"file": "kernel/bpf/trampoline.c"
},
"id": "CVE-2022-49548-434d6b83",
"deprecated": false,
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a2aa95b71c9bbec793b5c5fa50f0a80d882b3e8d",
"signature_version": "v1",
"digest": {
"line_hashes": [
"31356647161349858314948068861742869684",
"314089113206557361217261994272605577862",
"172316934520908363858903487560119266037",
"135439941717521882472151973050052905693",
"228560174464162209079630407811522533039",
"340056705499801710924014595700766847967",
"305335739198898969902872451636406068711",
"109867175353183464833377049202773286921",
"186363378051445914036558768831122770989",
"112013425631235479596958039866325002736",
"193724701572090863394601729735606138185",
"244748880995326103246735885127201384122",
"296813409857760956508118558209471572920",
"241183208543614056747008226884696357970",
"168405064713856846874135594463935451753",
"21623325247869079177970299631542131894",
"69849324079776749664028745682996852815",
"20480927464089386715094261787753404773",
"217541496058237730062858398098312813809",
"264219222872714071571350912718672324270",
"96033803673536499640760129914575649045",
"182321246685766345815205748875593329720"
],
"threshold": 0.9
},
"target": {
"file": "kernel/bpf/trampoline.c"
},
"id": "CVE-2022-49548-500b858f",
"deprecated": false,
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a2aa95b71c9bbec793b5c5fa50f0a80d882b3e8d",
"signature_version": "v1",
"digest": {
"function_hash": "148874279520106601646038400466875013519",
"length": 1148.0
},
"target": {
"function": "bpf_trampoline_link_prog",
"file": "kernel/bpf/trampoline.c"
},
"id": "CVE-2022-49548-675493e0",
"deprecated": false,
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e36452d5da6325df7c10cffc60a9e68d21e2606d",
"signature_version": "v1",
"digest": {
"function_hash": "34958413776297797364557840439996673704",
"length": 937.0
},
"target": {
"function": "bpf_trampoline_link_prog",
"file": "kernel/bpf/trampoline.c"
},
"id": "CVE-2022-49548-940d3f93",
"deprecated": false,
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7f845de2863334bed4f362e95853f5e7bc323737",
"signature_version": "v1",
"digest": {
"line_hashes": [
"301615699986766578240363568666725848374",
"121197832042092980398806126554504247870",
"157266492360356756729641283318367549686",
"22301563294495285093439672435927773877",
"228560174464162209079630407811522533039",
"340056705499801710924014595700766847967",
"305335739198898969902872451636406068711",
"109867175353183464833377049202773286921",
"186363378051445914036558768831122770989",
"112013425631235479596958039866325002736",
"193724701572090863394601729735606138185",
"244748880995326103246735885127201384122",
"296813409857760956508118558209471572920",
"241183208543614056747008226884696357970",
"168405064713856846874135594463935451753",
"21623325247869079177970299631542131894",
"69849324079776749664028745682996852815",
"20480927464089386715094261787753404773",
"217541496058237730062858398098312813809",
"264219222872714071571350912718672324270",
"96033803673536499640760129914575649045",
"182321246685766345815205748875593329720"
],
"threshold": 0.9
},
"target": {
"file": "kernel/bpf/trampoline.c"
},
"id": "CVE-2022-49548-9752098a",
"deprecated": false,
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e36452d5da6325df7c10cffc60a9e68d21e2606d",
"signature_version": "v1",
"digest": {
"function_hash": "293906494993082530402391941701887247221",
"length": 462.0
},
"target": {
"function": "bpf_trampoline_put",
"file": "kernel/bpf/trampoline.c"
},
"id": "CVE-2022-49548-983e6185",
"deprecated": false,
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@32c4559c61652f24c9fdd5440342196fe37453bc",
"signature_version": "v1",
"digest": {
"function_hash": "293906494993082530402391941701887247221",
"length": 462.0
},
"target": {
"function": "bpf_trampoline_put",
"file": "kernel/bpf/trampoline.c"
},
"id": "CVE-2022-49548-a15293a1",
"deprecated": false,
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a2aa95b71c9bbec793b5c5fa50f0a80d882b3e8d",
"signature_version": "v1",
"digest": {
"function_hash": "293906494993082530402391941701887247221",
"length": 462.0
},
"target": {
"function": "bpf_trampoline_put",
"file": "kernel/bpf/trampoline.c"
},
"id": "CVE-2022-49548-b0793d70",
"deprecated": false,
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@32c4559c61652f24c9fdd5440342196fe37453bc",
"signature_version": "v1",
"digest": {
"function_hash": "34958413776297797364557840439996673704",
"length": 937.0
},
"target": {
"function": "bpf_trampoline_link_prog",
"file": "kernel/bpf/trampoline.c"
},
"id": "CVE-2022-49548-fd535133",
"deprecated": false,
"signature_type": "Function"
}
]