CVE-2022-23222 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	No
Type	Privilege escalation
Description	kernel/bpf/verifier.c in the Linux Kernel 5.8 through 5.15.14 allows local users to gain privileges because of missing sanity check for pointer arithmetic via certain *_OR_NULL pointer types.

Group	Package	Affected	Fixed	Severity	Status
AVG-2671	linux-zen	5.15.14-1	5.15.15-1	High	Fixed
AVG-2670	linux-lts	5.15.14-1	5.15.15-1	High	Fixed
AVG-2669	linux-hardened	5.15.14.hardened1-1	5.15.15.hardened1-1	High	Fixed
AVG-2668	linux	5.15.14-1	5.15.15-1	High	Fixed

References
https://www.openwall.com/lists/oss-security/2022/01/14/1 https://www.openwall.com/lists/oss-security/2022/01/18/2 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e8efe8369944c6199f124e3b50662ad05a048b60 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c25b2ae136039ffa820c26138ed4a5e5f3ab3841

References

https://www.openwall.com/lists/oss-security/2022/01/14/1
https://www.openwall.com/lists/oss-security/2022/01/18/2
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e8efe8369944c6199f124e3b50662ad05a048b60
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c25b2ae136039ffa820c26138ed4a5e5f3ab3841

Notes
The default kernels prevent unprivileged users from being able to use eBPF by the kernel.unprivileged_bpf_disabled sysctl. This would require a privileged user with CAP_SYS_ADMIN or root to be able to abuse this flaw reducing its attack space. To confirm the current state, inspect the sysctl with the command: cat /proc/sys/kernel/unprivileged_bpf_disabled The setting >=1 would mean that unprivileged users can not use eBPF, mitigating the flaw. A kernel update will be required to mitigate the flaw for root or users with CAP_SYS_ADMIN capabilities.

Notes

The default kernels prevent unprivileged users from being able to use eBPF by the kernel.unprivileged_bpf_disabled sysctl. This would require a privileged user with CAP_SYS_ADMIN or root to be able to abuse this flaw reducing its attack space.
To confirm the current state, inspect the sysctl with the command:

    cat /proc/sys/kernel/unprivileged_bpf_disabled

The setting >=1 would mean that unprivileged users can not use eBPF, mitigating the flaw.
A kernel update will be required to mitigate the flaw for root or users with CAP_SYS_ADMIN capabilities.