CVE-2022-49796

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-49796
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49796.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-49796
Downstream
Related
Published
2025-05-01T14:09:26Z
Modified
2025-10-15T00:32:18.786404Z
Summary
tracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit()
Details

In the Linux kernel, the following vulnerability has been resolved:

tracing: kprobe: Fix potential null-ptr-deref on tracearray in kprobeeventgentest_exit()

When testgenkprobecmd() failed after kprobeeventgencmdend(), it will goto delete, which will call kprobeeventdelete() and release the corresponding resource. However, the tracearray in genkretprobetest will point to the invalid resource. Set genkretprobetest to NULL after called kprobeeventdelete() to prevent null-ptr-deref.

BUG: kernel NULL pointer dereference, address: 0000000000000070 PGD 0 P4D 0 Oops: 0000 [#1] SMP PTI CPU: 0 PID: 246 Comm: modprobe Tainted: G W 6.1.0-rc1-00174-g9522dc5c87da-dirty #248 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014 RIP: 0010:_ftracesetclreventnolock+0x53/0x1b0 Code: e8 82 26 fc ff 49 8b 1e c7 44 24 0c ea ff ff ff 49 39 de 0f 84 3c 01 00 00 c7 44 24 18 00 00 00 00 e8 61 26 fc ff 48 8b 6b 10 <44> 8b 65 70 4c 8b 6d 18 41 f7 c4 00 02 00 00 75 2f RSP: 0018:ffffc9000159fe00 EFLAGS: 00010293 RAX: 0000000000000000 RBX: ffff88810971d268 RCX: 0000000000000000 RDX: ffff8881080be600 RSI: ffffffff811b48ff RDI: ffff88810971d058 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001 R10: ffffc9000159fe58 R11: 0000000000000001 R12: ffffffffa0001064 R13: ffffffffa000106c R14: ffff88810971d238 R15: 0000000000000000 FS: 00007f89eeff6540(0000) GS:ffff88813b600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000070 CR3: 000000010599e004 CR4: 0000000000330ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> _ftracesetclrevent+0x3e/0x60 tracearraysetclrevent+0x35/0x50 ? 0xffffffffa0000000 kprobeeventgentestexit+0xcd/0x10b [kprobeeventgentest] _x64sysdeletemodule+0x206/0x380 ? lockdephardirqsonprepare+0xd8/0x190 ? syscallenterfromusermode+0x1c/0x50 dosyscall64+0x3f/0x90 entrySYSCALL64after_hwframe+0x63/0xcd RIP: 0033:0x7f89eeb061b7

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
64836248dda20c8e7427b493f7e06d9bf8f58850
Fixed
28a54854a95923b6266a9479ad660ca2cc0e1d5f
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
64836248dda20c8e7427b493f7e06d9bf8f58850
Fixed
e57daa750369fedbf678346aec724a43b9a51749
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
64836248dda20c8e7427b493f7e06d9bf8f58850
Fixed
510c12f93674ea0a1423b24f36c67357168a262a
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
64836248dda20c8e7427b493f7e06d9bf8f58850
Fixed
22ea4ca9631eb137e64e5ab899e9c89cb6670959

Affected versions

v5.*

v5.10
v5.10-rc1
v5.10-rc2
v5.10-rc3
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.10.1
v5.10.10
v5.10.100
v5.10.101
v5.10.102
v5.10.103
v5.10.104
v5.10.105
v5.10.106
v5.10.107
v5.10.108
v5.10.109
v5.10.11
v5.10.110
v5.10.111
v5.10.112
v5.10.113
v5.10.114
v5.10.115
v5.10.116
v5.10.117
v5.10.118
v5.10.119
v5.10.12
v5.10.120
v5.10.121
v5.10.122
v5.10.123
v5.10.124
v5.10.125
v5.10.126
v5.10.127
v5.10.128
v5.10.129
v5.10.13
v5.10.130
v5.10.131
v5.10.132
v5.10.133
v5.10.134
v5.10.135
v5.10.136
v5.10.137
v5.10.138
v5.10.139
v5.10.14
v5.10.140
v5.10.141
v5.10.142
v5.10.143
v5.10.144
v5.10.145
v5.10.146
v5.10.147
v5.10.148
v5.10.149
v5.10.15
v5.10.150
v5.10.151
v5.10.152
v5.10.153
v5.10.154
v5.10.155
v5.10.16
v5.10.17
v5.10.18
v5.10.19
v5.10.2
v5.10.20
v5.10.21
v5.10.22
v5.10.23
v5.10.24
v5.10.25
v5.10.26
v5.10.27
v5.10.28
v5.10.29
v5.10.3
v5.10.30
v5.10.31
v5.10.32
v5.10.33
v5.10.34
v5.10.35
v5.10.36
v5.10.37
v5.10.38
v5.10.39
v5.10.4
v5.10.40
v5.10.41
v5.10.42
v5.10.43
v5.10.44
v5.10.45
v5.10.46
v5.10.47
v5.10.48
v5.10.49
v5.10.5
v5.10.50
v5.10.51
v5.10.52
v5.10.53
v5.10.54
v5.10.55
v5.10.56
v5.10.57
v5.10.58
v5.10.59
v5.10.6
v5.10.60
v5.10.61
v5.10.62
v5.10.63
v5.10.64
v5.10.65
v5.10.66
v5.10.67
v5.10.68
v5.10.69
v5.10.7
v5.10.70
v5.10.71
v5.10.72
v5.10.73
v5.10.74
v5.10.75
v5.10.76
v5.10.77
v5.10.78
v5.10.79
v5.10.8
v5.10.80
v5.10.81
v5.10.82
v5.10.83
v5.10.84
v5.10.85
v5.10.86
v5.10.87
v5.10.88
v5.10.89
v5.10.9
v5.10.90
v5.10.91
v5.10.92
v5.10.93
v5.10.94
v5.10.95
v5.10.96
v5.10.97
v5.10.98
v5.10.99
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.29
v5.15.3
v5.15.30
v5.15.31
v5.15.32
v5.15.33
v5.15.34
v5.15.35
v5.15.36
v5.15.37
v5.15.38
v5.15.39
v5.15.4
v5.15.40
v5.15.41
v5.15.42
v5.15.43
v5.15.44
v5.15.45
v5.15.46
v5.15.47
v5.15.48
v5.15.49
v5.15.5
v5.15.50
v5.15.51
v5.15.52
v5.15.53
v5.15.54
v5.15.55
v5.15.56
v5.15.57
v5.15.58
v5.15.59
v5.15.6
v5.15.60
v5.15.61
v5.15.62
v5.15.63
v5.15.64
v5.15.65
v5.15.66
v5.15.67
v5.15.68
v5.15.69
v5.15.7
v5.15.70
v5.15.71
v5.15.72
v5.15.73
v5.15.74
v5.15.75
v5.15.76
v5.15.77
v5.15.78
v5.15.79
v5.15.8
v5.15.9
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v5.5
v5.5-rc7
v5.6
v5.6-rc1
v5.6-rc2
v5.6-rc3
v5.6-rc4
v5.6-rc5
v5.6-rc6
v5.6-rc7
v5.7
v5.7-rc1
v5.7-rc2
v5.7-rc3
v5.7-rc4
v5.7-rc5
v5.7-rc6
v5.7-rc7
v5.8
v5.8-rc1
v5.8-rc2
v5.8-rc3
v5.8-rc4
v5.8-rc5
v5.8-rc6
v5.8-rc7
v5.9
v5.9-rc1
v5.9-rc2
v5.9-rc3
v5.9-rc4
v5.9-rc5
v5.9-rc6
v5.9-rc7
v5.9-rc8

v6.*

v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.0.1
v6.0.2
v6.0.3
v6.0.4
v6.0.5
v6.0.6
v6.0.7
v6.0.8
v6.0.9
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5

Database specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 789.0,
                "function_hash": "149465517714806664501260840032099208106"
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@28a54854a95923b6266a9479ad660ca2cc0e1d5f",
            "signature_type": "Function",
            "target": {
                "function": "test_gen_kretprobe_cmd",
                "file": "kernel/trace/kprobe_event_gen_test.c"
            },
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2022-49796-29d161ab"
        },
        {
            "digest": {
                "length": 789.0,
                "function_hash": "149465517714806664501260840032099208106"
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e57daa750369fedbf678346aec724a43b9a51749",
            "signature_type": "Function",
            "target": {
                "function": "test_gen_kretprobe_cmd",
                "file": "kernel/trace/kprobe_event_gen_test.c"
            },
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2022-49796-4a918f5b"
        },
        {
            "digest": {
                "length": 891.0,
                "function_hash": "306849040834650837991867311174225132473"
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@22ea4ca9631eb137e64e5ab899e9c89cb6670959",
            "signature_type": "Function",
            "target": {
                "function": "test_gen_kprobe_cmd",
                "file": "kernel/trace/kprobe_event_gen_test.c"
            },
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2022-49796-54696f8d"
        },
        {
            "digest": {
                "line_hashes": [
                    "167535879587505267915475632763387119621",
                    "276288558253625982873181628327918134963",
                    "198977382112763281586848818221070189445",
                    "283492549219431512183079493410805710750",
                    "167535879587505267915475632763387119621",
                    "311226221968819211800098658746536070679",
                    "326167877710559502751309848080388286925",
                    "96805391049518152203493257482501703465"
                ],
                "threshold": 0.9
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@22ea4ca9631eb137e64e5ab899e9c89cb6670959",
            "signature_type": "Line",
            "target": {
                "file": "kernel/trace/kprobe_event_gen_test.c"
            },
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2022-49796-597b188d"
        },
        {
            "digest": {
                "length": 891.0,
                "function_hash": "306849040834650837991867311174225132473"
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e57daa750369fedbf678346aec724a43b9a51749",
            "signature_type": "Function",
            "target": {
                "function": "test_gen_kprobe_cmd",
                "file": "kernel/trace/kprobe_event_gen_test.c"
            },
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2022-49796-73ba0748"
        },
        {
            "digest": {
                "line_hashes": [
                    "167535879587505267915475632763387119621",
                    "276288558253625982873181628327918134963",
                    "198977382112763281586848818221070189445",
                    "283492549219431512183079493410805710750",
                    "167535879587505267915475632763387119621",
                    "311226221968819211800098658746536070679",
                    "326167877710559502751309848080388286925",
                    "96805391049518152203493257482501703465"
                ],
                "threshold": 0.9
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@28a54854a95923b6266a9479ad660ca2cc0e1d5f",
            "signature_type": "Line",
            "target": {
                "file": "kernel/trace/kprobe_event_gen_test.c"
            },
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2022-49796-79b7e038"
        },
        {
            "digest": {
                "length": 891.0,
                "function_hash": "306849040834650837991867311174225132473"
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@28a54854a95923b6266a9479ad660ca2cc0e1d5f",
            "signature_type": "Function",
            "target": {
                "function": "test_gen_kprobe_cmd",
                "file": "kernel/trace/kprobe_event_gen_test.c"
            },
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2022-49796-8977eb75"
        },
        {
            "digest": {
                "line_hashes": [
                    "167535879587505267915475632763387119621",
                    "276288558253625982873181628327918134963",
                    "198977382112763281586848818221070189445",
                    "283492549219431512183079493410805710750",
                    "167535879587505267915475632763387119621",
                    "311226221968819211800098658746536070679",
                    "326167877710559502751309848080388286925",
                    "96805391049518152203493257482501703465"
                ],
                "threshold": 0.9
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e57daa750369fedbf678346aec724a43b9a51749",
            "signature_type": "Line",
            "target": {
                "file": "kernel/trace/kprobe_event_gen_test.c"
            },
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2022-49796-a91e2bdc"
        },
        {
            "digest": {
                "length": 789.0,
                "function_hash": "149465517714806664501260840032099208106"
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@22ea4ca9631eb137e64e5ab899e9c89cb6670959",
            "signature_type": "Function",
            "target": {
                "function": "test_gen_kretprobe_cmd",
                "file": "kernel/trace/kprobe_event_gen_test.c"
            },
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2022-49796-bdb4b4ce"
        },
        {
            "digest": {
                "length": 891.0,
                "function_hash": "306849040834650837991867311174225132473"
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@510c12f93674ea0a1423b24f36c67357168a262a",
            "signature_type": "Function",
            "target": {
                "function": "test_gen_kprobe_cmd",
                "file": "kernel/trace/kprobe_event_gen_test.c"
            },
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2022-49796-d3ee2269"
        },
        {
            "digest": {
                "line_hashes": [
                    "167535879587505267915475632763387119621",
                    "276288558253625982873181628327918134963",
                    "198977382112763281586848818221070189445",
                    "283492549219431512183079493410805710750",
                    "167535879587505267915475632763387119621",
                    "311226221968819211800098658746536070679",
                    "326167877710559502751309848080388286925",
                    "96805391049518152203493257482501703465"
                ],
                "threshold": 0.9
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@510c12f93674ea0a1423b24f36c67357168a262a",
            "signature_type": "Line",
            "target": {
                "file": "kernel/trace/kprobe_event_gen_test.c"
            },
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2022-49796-ee648c83"
        },
        {
            "digest": {
                "length": 789.0,
                "function_hash": "149465517714806664501260840032099208106"
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@510c12f93674ea0a1423b24f36c67357168a262a",
            "signature_type": "Function",
            "target": {
                "function": "test_gen_kretprobe_cmd",
                "file": "kernel/trace/kprobe_event_gen_test.c"
            },
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2022-49796-f931db2f"
        }
    ]
}

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.6.0
Fixed
5.10.156
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.80
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.0.10