CVE-2022-49837
- Source
- https://cve.org/CVERecord?id=CVE-2022-49837
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49837.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-49837
- Downstream
- Related
- Published
- 2025-05-01T14:09:54.141Z
- Modified
- 2026-03-11T07:56:07.600214Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- bpf: Fix memory leaks in __check_func_call
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix memory leaks in __checkfunccall
kmemleak reports this issue:
unreferenced object 0xffff88817139d000 (size 2048): comm "testprogs", pid 33246, jiffies 4307381979 (age 45851.820s) hex dump (first 32 bytes): 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<0000000045f075f0>] kmalloctrace+0x27/0xa0 [<0000000098b7c90a>] __checkfunccall+0x316/0x1230 [<00000000b4c3c403>] checkhelpercall+0x172e/0x4700 [<00000000aa3875b7>] docheck+0x21d8/0x45e0 [<000000001147357b>] docheckcommon+0x767/0xaf0 [<00000000b5a595b4>] bpfcheck+0x43e3/0x5bc0 [<0000000011e391b1>] bpfprogload+0xf26/0x1940 [<0000000007f765c0>] __sys_bpf+0xd2c/0x3650 [<00000000839815d6>] __x64sysbpf+0x75/0xc0 [<00000000946ee250>] dosyscall64+0x3b/0x90 [<0000000000506b7f>] entrySYSCALL64afterhwframe+0x63/0xcd
The root case here is: In function preparefuncexit(), the callee is not released in the abnormal scenario after "state->curframe--;". To fix, move "state->curframe--;" to the very bottom of the function, right when we free callee and reset frame[] pointer to NULL, as Andrii suggested.
In addition, function __checkfunccall() has a similar problem. In the abnormal scenario before "state->curframe++;", the callee also should be released by freefuncstate().
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49837.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/83946d772e756734a900ef99dbe0aeda506adf37
- https://git.kernel.org/stable/c/d4944497827a3d14bc5a26dbcfb7433eb5a956c0
- https://git.kernel.org/stable/c/eb86559a691cea5fa63e57a03ec3dc9c31e97955
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49837.json
- https://nvd.nist.gov/vuln/detail/CVE-2022-49837
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedfd978bf7fd312581a7ca454a991f0ffb34c4204bFixedd4944497827a3d14bc5a26dbcfb7433eb5a956c0Fixed83946d772e756734a900ef99dbe0aeda506adf37Fixedeb86559a691cea5fa63e57a03ec3dc9c31e97955
Affected versions
v4.*
v4.19
v4.19-rc6
v4.19-rc7
v4.19-rc8
v4.20
v4.20-rc1
v4.20-rc2
v4.20-rc3
v4.20-rc4
v4.20-rc5
v4.20-rc6
v4.20-rc7
v5.*
v5.0
v5.0-rc1
v5.0-rc2
v5.0-rc3
v5.0-rc4
v5.0-rc5
v5.0-rc6
v5.0-rc7
v5.0-rc8
v5.1
v5.1-rc1
v5.1-rc2
v5.1-rc3
v5.1-rc4
v5.1-rc5
v5.1-rc6
v5.1-rc7
v5.10
v5.10-rc1
v5.10-rc2
v5.10-rc3
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.29
v5.15.3
v5.15.30
v5.15.31
v5.15.32
v5.15.33
v5.15.34
v5.15.35
v5.15.36
v5.15.37
v5.15.38
v5.15.39
v5.15.4
v5.15.40
v5.15.41
v5.15.42
v5.15.43
v5.15.44
v5.15.45
v5.15.46
v5.15.47
v5.15.48
v5.15.49
v5.15.5
v5.15.50
v5.15.51
v5.15.52
v5.15.53
v5.15.54
v5.15.55
v5.15.56
v5.15.57
v5.15.58
v5.15.59
v5.15.6
v5.15.60
v5.15.61
v5.15.62
v5.15.63
v5.15.64
v5.15.65
v5.15.66
v5.15.67
v5.15.68
v5.15.69
v5.15.7
v5.15.70
v5.15.71
v5.15.72
v5.15.73
v5.15.74
v5.15.75
v5.15.76
v5.15.77
v5.15.78
v5.15.79
v5.15.8
v5.15.9
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v5.2
v5.2-rc1
v5.2-rc2
v5.2-rc3
v5.2-rc4
v5.2-rc5
v5.2-rc6
v5.2-rc7
v5.3
v5.3-rc1
v5.3-rc2
v5.3-rc3
v5.3-rc4
v5.3-rc5
v5.3-rc6
v5.3-rc7
v5.3-rc8
v5.4
v5.4-rc1
v5.4-rc2
v5.4-rc3
v5.4-rc4
v5.4-rc5
v5.4-rc6
v5.4-rc7
v5.4-rc8
v5.5
v5.5-rc1
v5.5-rc2
v5.5-rc3
v5.5-rc4
v5.5-rc5
v5.5-rc6
v5.5-rc7
v5.6
v5.6-rc1
v5.6-rc2
v5.6-rc3
v5.6-rc4
v5.6-rc5
v5.6-rc6
v5.6-rc7
v5.7
v5.7-rc1
v5.7-rc2
v5.7-rc3
v5.7-rc4
v5.7-rc5
v5.7-rc6
v5.7-rc7
v5.8
v5.8-rc1
v5.8-rc2
v5.8-rc3
v5.8-rc4
v5.8-rc5
v5.8-rc6
v5.8-rc7
v5.9
v5.9-rc1
v5.9-rc2
v5.9-rc3
v5.9-rc4
v5.9-rc5
v5.9-rc6
v5.9-rc7
v5.9-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.0.1
v6.0.2
v6.0.3
v6.0.4
v6.0.5
v6.0.6
v6.0.7
v6.0.8
v6.0.9
v6.1-rc1
v6.1-rc2
v6.1-rc3
Database specific
vanir_signatures
[
{
"signature_type": "Function",
"deprecated": false,
"id": "CVE-2022-49837-0cc082c0",
"target": {
"file": "kernel/bpf/verifier.c",
"function": "prepare_func_exit"
},
"digest": {
"length": 1176.0,
"function_hash": "188297220053834182253863127899973761391"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@eb86559a691cea5fa63e57a03ec3dc9c31e97955"
},
{
"signature_type": "Line",
"deprecated": false,
"id": "CVE-2022-49837-25247760",
"target": {
"file": "kernel/bpf/verifier.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"198888559158825559273704487103918259569",
"71179026944372562532721694825969965964",
"153100273676350872538387302952506698792",
"111398772219605569591774706636286750112",
"201768859871564643504014622802779389714",
"61318605400894410068973940403765409635",
"69708250920132672661064519053549824048",
"22591020599247189304726861734144172929",
"146768271325495802519104346009467271099",
"334020884404847435274214174098237390571",
"241267916452078491197658849421475249290",
"232490596694873434721092689220320323600",
"105616815507719300125239371070106723308",
"53579629468902761353420560664412072303",
"160300239059679054483312391336871468751",
"8750144334112259249574747374149575343",
"171804441324078647551963472024133375280",
"319627414764373660513893234959723065533",
"332823148888275548975366874669896350417",
"153883346597009859901786559341536881696"
]
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@eb86559a691cea5fa63e57a03ec3dc9c31e97955"
},
{
"signature_type": "Line",
"deprecated": false,
"id": "CVE-2022-49837-4d5d581c",
"target": {
"file": "kernel/bpf/verifier.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"198888559158825559273704487103918259569",
"71179026944372562532721694825969965964",
"153100273676350872538387302952506698792",
"111398772219605569591774706636286750112",
"201768859871564643504014622802779389714",
"61318605400894410068973940403765409635",
"69708250920132672661064519053549824048",
"22591020599247189304726861734144172929",
"146768271325495802519104346009467271099",
"334020884404847435274214174098237390571",
"241267916452078491197658849421475249290",
"232490596694873434721092689220320323600",
"105616815507719300125239371070106723308",
"53579629468902761353420560664412072303",
"326651447049434660512962910488280025425",
"43398512636898431800439488893548478299",
"171804441324078647551963472024133375280",
"319627414764373660513893234959723065533",
"332823148888275548975366874669896350417",
"153883346597009859901786559341536881696"
]
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@83946d772e756734a900ef99dbe0aeda506adf37"
},
{
"signature_type": "Function",
"deprecated": false,
"id": "CVE-2022-49837-52ada497",
"target": {
"file": "kernel/bpf/verifier.c",
"function": "prepare_func_exit"
},
"digest": {
"length": 1155.0,
"function_hash": "272252974701117569517311906309777204990"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d4944497827a3d14bc5a26dbcfb7433eb5a956c0"
},
{
"signature_type": "Line",
"deprecated": false,
"id": "CVE-2022-49837-64ff7926",
"target": {
"file": "kernel/bpf/verifier.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"198888559158825559273704487103918259569",
"71179026944372562532721694825969965964",
"153100273676350872538387302952506698792",
"111398772219605569591774706636286750112",
"201768859871564643504014622802779389714",
"61318605400894410068973940403765409635",
"69708250920132672661064519053549824048",
"67804201637205135786715908201618762667",
"283461213329161507051990804429777547648",
"334020884404847435274214174098237390571",
"241267916452078491197658849421475249290",
"232490596694873434721092689220320323600",
"105616815507719300125239371070106723308",
"53579629468902761353420560664412072303",
"326651447049434660512962910488280025425",
"43398512636898431800439488893548478299",
"1040836760672942811244095623808936706",
"319627414764373660513893234959723065533",
"332823148888275548975366874669896350417",
"153883346597009859901786559341536881696"
]
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d4944497827a3d14bc5a26dbcfb7433eb5a956c0"
},
{
"signature_type": "Function",
"deprecated": false,
"id": "CVE-2022-49837-b839d2c4",
"target": {
"file": "kernel/bpf/verifier.c",
"function": "__check_func_call"
},
"digest": {
"length": 2387.0,
"function_hash": "41882388813172101977486574329109168667"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@eb86559a691cea5fa63e57a03ec3dc9c31e97955"
},
{
"signature_type": "Function",
"deprecated": false,
"id": "CVE-2022-49837-b9b90f01",
"target": {
"file": "kernel/bpf/verifier.c",
"function": "__check_func_call"
},
"digest": {
"length": 2387.0,
"function_hash": "41882388813172101977486574329109168667"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@83946d772e756734a900ef99dbe0aeda506adf37"
},
{
"signature_type": "Function",
"deprecated": false,
"id": "CVE-2022-49837-ccf50afb",
"target": {
"file": "kernel/bpf/verifier.c",
"function": "prepare_func_exit"
},
"digest": {
"length": 1169.0,
"function_hash": "67234432624514369908960338650559698652"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@83946d772e756734a900ef99dbe0aeda506adf37"
},
{
"signature_type": "Function",
"deprecated": false,
"id": "CVE-2022-49837-e7518a7b",
"target": {
"file": "kernel/bpf/verifier.c",
"function": "__check_func_call"
},
"digest": {
"length": 2373.0,
"function_hash": "304409669295167218962869456555177565375"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d4944497827a3d14bc5a26dbcfb7433eb5a956c0"
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49837.json"