CVE-2022-49875

In the Linux kernel, the following vulnerability has been resolved:

bpftool: Fix NULL pointer dereference when pin {PROG, MAP, LINK} without FILE

When using bpftool to pin {PROG, MAP, LINK} without FILE, segmentation fault will occur. The reson is that the lack of FILE will cause strlen to trigger NULL pointer dereference. The corresponding stacktrace is shown below:

do_pin do_pin_any do_pin_fd mount_bpffs_for_pin strlen(name) <- NULL pointer dereference

Fix it by adding validation to the common process.

Published: May 1, 2025
Updated: May 8, 2025
CVE: CVE-2022-49875
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-476

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	6.1-rc2	6.1-rc2.x
linux / linux_kernel	6.1-rc1	6.1-rc1.x
linux / linux_kernel	6.1-rc3	6.1-rc3.x
linux / linux_kernel	6.1-rc4	6.1-rc4.x
linux / linux_kernel	5.11	5.15.79
linux / linux_kernel	5.16	6.0.9
linux / linux_kernel	5.7	5.10.155

https://git.kernel.org/stable/c/34de8e6e0e1f66e431abf4123934a2581cb5f133
https://git.kernel.org/stable/c/6dcdd1b68b7f9333d48d48fc77b75e7f235f6a4a
https://git.kernel.org/stable/c/8c80b2fca4112d724dde477aed13f7b0510a2792
https://git.kernel.org/stable/c/da5161ba94c5e9182c301dd4f09c94f715c068bd

Vulnerability Database

289,599

CVE-2022-49875