{"id":"CVE-2022-49837","summary":"bpf: Fix memory leaks in __check_func_call","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix memory leaks in __check_func_call\n\nkmemleak reports this issue:\n\nunreferenced object 0xffff88817139d000 (size 2048):\n  comm \"test_progs\", pid 33246, jiffies 4307381979 (age 45851.820s)\n  hex dump (first 32 bytes):\n    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n  backtrace:\n    [\u003c0000000045f075f0\u003e] kmalloc_trace+0x27/0xa0\n    [\u003c0000000098b7c90a\u003e] __check_func_call+0x316/0x1230\n    [\u003c00000000b4c3c403\u003e] check_helper_call+0x172e/0x4700\n    [\u003c00000000aa3875b7\u003e] do_check+0x21d8/0x45e0\n    [\u003c000000001147357b\u003e] do_check_common+0x767/0xaf0\n    [\u003c00000000b5a595b4\u003e] bpf_check+0x43e3/0x5bc0\n    [\u003c0000000011e391b1\u003e] bpf_prog_load+0xf26/0x1940\n    [\u003c0000000007f765c0\u003e] __sys_bpf+0xd2c/0x3650\n    [\u003c00000000839815d6\u003e] __x64_sys_bpf+0x75/0xc0\n    [\u003c00000000946ee250\u003e] do_syscall_64+0x3b/0x90\n    [\u003c0000000000506b7f\u003e] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe root case here is: In function prepare_func_exit(), the callee is\nnot released in the abnormal scenario after \"state-\u003ecurframe--;\". To\nfix, move \"state-\u003ecurframe--;\" to the very bottom of the function,\nright when we free callee and reset frame[] pointer to NULL, as Andrii\nsuggested.\n\nIn addition, function __check_func_call() has a similar problem. In\nthe abnormal scenario before \"state-\u003ecurframe++;\", the callee also\nshould be released by free_func_state().","modified":"2026-04-03T13:14:43.957538620Z","published":"2025-05-01T14:09:54.141Z","related":["SUSE-SU-2025:01966-1","SUSE-SU-2025:02173-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49837.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/83946d772e756734a900ef99dbe0aeda506adf37"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d4944497827a3d14bc5a26dbcfb7433eb5a956c0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/eb86559a691cea5fa63e57a03ec3dc9c31e97955"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49837.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-49837"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"fd978bf7fd312581a7ca454a991f0ffb34c4204b"},{"fixed":"d4944497827a3d14bc5a26dbcfb7433eb5a956c0"},{"fixed":"83946d772e756734a900ef99dbe0aeda506adf37"},{"fixed":"eb86559a691cea5fa63e57a03ec3dc9c31e97955"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49837.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}