{"id":"CVE-2022-2785","details":"There exists an arbitrary memory read within the Linux Kernel BPF - Constants provided to fill pointers in structs passed in to bpf_sys_bpf are not verified and can point anywhere, including memory not owned by BPF. An attacker with CAP_BPF can arbitrarily read memory from anywhere on the system. We recommend upgrading past commit 86f44fcec22c","modified":"2026-03-14T11:39:33.719966Z","published":"2022-09-23T11:15:09.510Z","related":["CGA-5xvv-94vx-3q3q"],"references":[{"type":"WEB","url":"https://lore.kernel.org/bpf/20220816205517.682470-1-zhuyifei%40google.com/T/#t"},{"type":"FIX","url":"https://git.kernel.org/bpf/bpf/c/86f44fcec22c"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"2022-08-10"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-2785.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}