{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2022-49796","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-05-01T14:05:17.224Z","datePublished":"2025-05-01T14:09:26.392Z","dateUpdated":"2026-05-11T19:06:57.256Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:06:57.256Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit()\n\nWhen test_gen_kprobe_cmd() failed after kprobe_event_gen_cmd_end(), it\nwill goto delete, which will call kprobe_event_delete() and release the\ncorresponding resource. However, the trace_array in gen_kretprobe_test\nwill point to the invalid resource. Set gen_kretprobe_test to NULL\nafter called kprobe_event_delete() to prevent null-ptr-deref.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000070\nPGD 0 P4D 0\nOops: 0000 [#1] SMP PTI\nCPU: 0 PID: 246 Comm: modprobe Tainted: G        W\n6.1.0-rc1-00174-g9522dc5c87da-dirty #248\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\nrel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014\nRIP: 0010:__ftrace_set_clr_event_nolock+0x53/0x1b0\nCode: e8 82 26 fc ff 49 8b 1e c7 44 24 0c ea ff ff ff 49 39 de 0f 84 3c\n01 00 00 c7 44 24 18 00 00 00 00 e8 61 26 fc ff 48 8b 6b 10 <44> 8b 65\n70 4c 8b 6d 18 41 f7 c4 00 02 00 00 75 2f\nRSP: 0018:ffffc9000159fe00 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: ffff88810971d268 RCX: 0000000000000000\nRDX: ffff8881080be600 RSI: ffffffff811b48ff RDI: ffff88810971d058\nRBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001\nR10: ffffc9000159fe58 R11: 0000000000000001 R12: ffffffffa0001064\nR13: ffffffffa000106c R14: ffff88810971d238 R15: 0000000000000000\nFS:  00007f89eeff6540(0000) GS:ffff88813b600000(0000)\nknlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000070 CR3: 000000010599e004 CR4: 0000000000330ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n __ftrace_set_clr_event+0x3e/0x60\n trace_array_set_clr_event+0x35/0x50\n ? 0xffffffffa0000000\n kprobe_event_gen_test_exit+0xcd/0x10b [kprobe_event_gen_test]\n __x64_sys_delete_module+0x206/0x380\n ? lockdep_hardirqs_on_prepare+0xd8/0x190\n ? syscall_enter_from_user_mode+0x1c/0x50\n do_syscall_64+0x3f/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7f89eeb061b7"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["kernel/trace/kprobe_event_gen_test.c"],"versions":[{"version":"64836248dda20c8e7427b493f7e06d9bf8f58850","lessThan":"28a54854a95923b6266a9479ad660ca2cc0e1d5f","status":"affected","versionType":"git"},{"version":"64836248dda20c8e7427b493f7e06d9bf8f58850","lessThan":"e57daa750369fedbf678346aec724a43b9a51749","status":"affected","versionType":"git"},{"version":"64836248dda20c8e7427b493f7e06d9bf8f58850","lessThan":"510c12f93674ea0a1423b24f36c67357168a262a","status":"affected","versionType":"git"},{"version":"64836248dda20c8e7427b493f7e06d9bf8f58850","lessThan":"22ea4ca9631eb137e64e5ab899e9c89cb6670959","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["kernel/trace/kprobe_event_gen_test.c"],"versions":[{"version":"5.6","status":"affected"},{"version":"0","lessThan":"5.6","status":"unaffected","versionType":"semver"},{"version":"5.10.156","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.80","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.0.10","lessThanOrEqual":"6.0.*","status":"unaffected","versionType":"semver"},{"version":"6.1","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"5.10.156"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"5.15.80"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"6.0.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"6.1"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/28a54854a95923b6266a9479ad660ca2cc0e1d5f"},{"url":"https://git.kernel.org/stable/c/e57daa750369fedbf678346aec724a43b9a51749"},{"url":"https://git.kernel.org/stable/c/510c12f93674ea0a1423b24f36c67357168a262a"},{"url":"https://git.kernel.org/stable/c/22ea4ca9631eb137e64e5ab899e9c89cb6670959"}],"title":"tracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit()","x_generator":{"engine":"bippy-1.2.0"}}}}