{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2022-50078","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-06-18T10:57:27.408Z","datePublished":"2025-06-18T11:02:21.119Z","dateUpdated":"2026-05-11T19:12:26.324Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:12:26.324Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/eprobes: Do not allow eprobes to use $stack, or % for regs\n\nWhile playing with event probes (eprobes), I tried to see what would\nhappen if I attempted to retrieve the instruction pointer (%rip) knowing\nthat event probes do not use pt_regs. The result was:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000024\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP PTI\n CPU: 1 PID: 1847 Comm: trace-cmd Not tainted 5.19.0-rc5-test+ #309\n Hardware name: Hewlett-Packard HP Compaq Pro 6300 SFF/339A, BIOS K01\nv03.03 07/14/2016\n RIP: 0010:get_event_field.isra.0+0x0/0x50\n Code: ff 48 c7 c7 c0 8f 74 a1 e8 3d 8b f5 ff e8 88 09 f6 ff 4c 89 e7 e8\n50 6a 13 00 48 89 ef 5b 5d 41 5c 41 5d e9 42 6a 13 00 66 90 <48> 63 47 24\n8b 57 2c 48 01 c6 8b 47 28 83 f8 02 74 0e 83 f8 04 74\n RSP: 0018:ffff916c394bbaf0 EFLAGS: 00010086\n RAX: ffff916c854041d8 RBX: ffff916c8d9fbf50 RCX: ffff916c255d2000\n RDX: 0000000000000000 RSI: ffff916c255d2008 RDI: 0000000000000000\n RBP: 0000000000000000 R08: ffff916c3a2a0c08 R09: ffff916c394bbda8\n R10: 0000000000000000 R11: 0000000000000000 R12: ffff916c854041d8\n R13: ffff916c854041b0 R14: 0000000000000000 R15: 0000000000000000\n FS:  0000000000000000(0000) GS:ffff916c9ea40000(0000)\nknlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000024 CR3: 000000011b60a002 CR4: 00000000001706e0\n Call Trace:\n  <TASK>\n  get_eprobe_size+0xb4/0x640\n  ? __mod_node_page_state+0x72/0xc0\n  __eprobe_trace_func+0x59/0x1a0\n  ? __mod_lruvec_page_state+0xaa/0x1b0\n  ? page_remove_file_rmap+0x14/0x230\n  ? page_remove_rmap+0xda/0x170\n  event_triggers_call+0x52/0xe0\n  trace_event_buffer_commit+0x18f/0x240\n  trace_event_raw_event_sched_wakeup_template+0x7a/0xb0\n  try_to_wake_up+0x260/0x4c0\n  __wake_up_common+0x80/0x180\n  __wake_up_common_lock+0x7c/0xc0\n  do_notify_parent+0x1c9/0x2a0\n  exit_notify+0x1a9/0x220\n  do_exit+0x2ba/0x450\n  do_group_exit+0x2d/0x90\n  __x64_sys_exit_group+0x14/0x20\n  do_syscall_64+0x3b/0x90\n  entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nObviously this is not the desired result.\n\nMove the testing for TPARG_FL_TPOINT which is only used for event probes\nto the top of the \"$\" variable check, as all the other variables are not\nused for event probes. Also add a check in the register parsing \"%\" to\nfail if an event probe is used."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["kernel/trace/trace_probe.c"],"versions":[{"version":"7491e2c442781a1860181adb5ab472a52075f393","lessThan":"ba53c21ce9773743b8e0a8ada048c96ff2d55c67","status":"affected","versionType":"git"},{"version":"7491e2c442781a1860181adb5ab472a52075f393","lessThan":"7c262114a576d94c0ced80e232bbb17391a55908","status":"affected","versionType":"git"},{"version":"7491e2c442781a1860181adb5ab472a52075f393","lessThan":"2673c60ee67e71f2ebe34386e62d348f71edee47","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["kernel/trace/trace_probe.c"],"versions":[{"version":"5.15","status":"affected"},{"version":"0","lessThan":"5.15","status":"unaffected","versionType":"semver"},{"version":"5.15.63","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.19.4","lessThanOrEqual":"5.19.*","status":"unaffected","versionType":"semver"},{"version":"6.0","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"5.15.63"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"5.19.4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.0"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/ba53c21ce9773743b8e0a8ada048c96ff2d55c67"},{"url":"https://git.kernel.org/stable/c/7c262114a576d94c0ced80e232bbb17391a55908"},{"url":"https://git.kernel.org/stable/c/2673c60ee67e71f2ebe34386e62d348f71edee47"}],"title":"tracing/eprobes: Do not allow eprobes to use $stack, or % for regs","x_generator":{"engine":"bippy-1.2.0"}}}}