Bugzilla – Bug 1204393
VUL-0: CVE-2022-3533: libbpf: memory leak in parse_usdt_arg()
Last modified: 2023-01-11 12:06:41 UTC
CVE-2022-3533

A vulnerability was found in Linux Kernel. It has been rated as problematic. This issue affects the function parse_usdt_arg of the file tools/lib/bpf/usdt.c of the component BPF. The manipulation of the argument reg_name leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211031.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3533
https://www.cve.org/CVERecord?id=CVE-2022-3533
https://vuldb.com/?id.211031
https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=0dc9254e03704c75f2ebc9cbef2ce4de83fba603
Same here, I don't know which ones between kernel and libbpf should be tracked.

For the kernel, the commit introducing the bug is only in stable, and the fix is not applied yet. Therefore only stable is affected.
Shung-Hsi, could you take this one, too?
I think there isn't any libbpf codestream affected.
(In reply to Takashi Iwai from comment #2)
> Shung-Hsi, could you take this one, too?

Yep, thanks!

(In reply to Thomas Leroy from comment #1)
> Same here, I don't know which ones between kernel and libbpf should be
> tracked.
>
> For the kernel, the commit introducing the bug is only in stable, and the
> fix is not applied yet. Therefore only stable is affected

Yeah, libbpf is quite confusing. In general, if the problematic commit was introduced after Linux kernel v5.4 (inclusive), we can ignore the kernel, and just track the libbpf as affected; anything before we'd have to track both.

For this one the problematic commit is 0f8619929c57 ("libbpf: Usdt aarch64 arg parsing support"), introduced in kernel v5.19, which is later than v5.4, so we have to look in the libbpf repo. But it has a different commit ID there, so we had to do `git log --oneline --grep='Usdt aarch64 arg parsing support' | tail -n1` to find the commit, which is 557499a13ede in libbpf, introduced in libbpf v0.8.0.

So this one ends up being the same as bug 1204391, affecting libbpf package on Leap 15.4 and Tumbleweed/Factory.
(In reply to Shung-Hsi Yu from comment #4)
> So this one ends up being the same as bug 1204391, affecting libbpf package
> on Leap 15.4 and Tumbleweed/Factory.

Oops, I was wrong. Leap 15.4 has an older libbpf at v0.5.0, so indeed it's not affected.
Fix submitted to Tumbleweed/Factory in SR#1034423. Reassigning back to security team.
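
The lookup described in comment #4 and the version check from the follow-up, written out as a small triage helper. This is an added example, not part of the original bug thread or of libbpf; the function names and the repository path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the bug thread): decide whether a packaged libbpf
# version includes a commit that is known only by its kernel-tree subject.
# Usage (path is hypothetical):
#   triage ~/src/libbpf 'Usdt aarch64 arg parsing support' v0.5.0

# Print the abbreviated ID of the oldest commit in repo $1 whose message
# contains the literal string $2 (the git log | tail -n1 lookup from comment #4).
find_mirror_commit() {
    git -C "$1" log --format=%h --fixed-strings --grep="$2" | tail -n1
}

# Print the lowest-versioned tag in repo $1 that contains commit $2.
first_tag_with() {
    git -C "$1" tag --contains "$2" --sort=version:refname | head -n1
}

# Exit 0 when packaged version $2 is the same as or newer than $1, the
# release that introduced the bug. A leading "v" is ignored; sort -V does a
# numeric per-component comparison, so 0.10.0 ranks above 0.8.0.
version_affected() {
    introduced=${1#v}
    packaged=${2#v}
    lowest=$(printf '%s\n%s\n' "$introduced" "$packaged" | sort -V | head -n1)
    [ "$lowest" = "$introduced" ]
}

# triage REPO SUBJECT PACKAGED_VERSION: prints "affected" or "not affected".
triage() {
    commit=$(find_mirror_commit "$1" "$2")
    [ -n "$commit" ] || { echo "commit not found"; return 2; }
    tag=$(first_tag_with "$1" "$commit")
    [ -n "$tag" ] || { echo "no release contains $commit"; return 2; }
    if version_affected "$tag" "$3"; then
        echo "affected"
    else
        echo "not affected"
    fi
}
```

This only establishes the lower bound (whether the package is new enough to contain the introducing commit); whether the fix or a distribution backport is already applied has to be checked separately.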