{"id":"CVE-2022-49873","summary":"bpf: Fix wrong reg type conversion in release_reference()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix wrong reg type conversion in release_reference()\n\nSome helper functions will allocate memory. To avoid memory leaks, the\nverifier requires the eBPF program to release these memories by calling\nthe corresponding helper functions.\n\nWhen a resource is released, all pointer registers corresponding to the\nresource should be invalidated. The verifier use release_references() to\ndo this job, by apply  __mark_reg_unknown() to each relevant register.\n\nIt will give these registers the type of SCALAR_VALUE. A register that\nwill contain a pointer value at runtime, but of type SCALAR_VALUE, which\nmay allow the unprivileged user to get a kernel pointer by storing this\nregister into a map.\n\nUsing __mark_reg_not_init() while NOT allow_ptr_leaks can mitigate this\nproblem.","modified":"2026-04-02T08:28:01.509613Z","published":"2025-05-01T14:10:23.128Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49873.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/466ce46f251dfb259a8cbaa895ab9edd6fb56240"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ae5ccad6c711db0f2ca1231be051935dd128b8f5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cedd4f01f67be94735f15123158f485028571037"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f1db20814af532f85e091231223e5e4818e8464b"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49873.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-49873"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"fd978bf7fd312581a7ca454a991f0ffb34c4204b"},{"fixed":"cedd4f01f67be94735f15123158f485028571037"},{"fixed":"466ce46f251dfb259a8cbaa895ab9edd6fb56240"},{"fixed":"ae5ccad6c711db0f2ca1231be051935dd128b8f5"},{"fixed":"f1db20814af532f85e091231223e5e4818e8464b"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49873.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}