Bug 1204393 - (CVE-2022-3533) VUL-0: CVE-2022-3533: libbpf: memory leak in parse_usdt_arg()
Status: IN_PROGRESS
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/345332/
CVSSv3.1:SUSE:CVE-2022-3533:4.7:(AV:L...
Reported: 2022-10-17 15:54 UTC by Thomas Leroy
Modified: 2023-01-11 12:06 UTC (History)
Found By: Security Response Team
Description Thomas Leroy 2022-10-17 15:54:47 UTC
CVE-2022-3533

A vulnerability was found in Linux Kernel. It has been rated as problematic.
This issue affects the function parse_usdt_arg of the file tools/lib/bpf/usdt.c
of the component BPF. The manipulation of the argument reg_name leads to memory
leak. It is recommended to apply a patch to fix this issue. The associated
identifier of this vulnerability is VDB-211031.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3533
https://www.cve.org/CVERecord?id=CVE-2022-3533
https://vuldb.com/?id.211031
https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=0dc9254e03704c75f2ebc9cbef2ce4de83fba603
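As an added illustration (constructed for this page, not libbpf's usdt.c nor the upstream fix), the following C sketch shows how a `reg_name` allocated by a `%m` scanf conversion can leak in a parser shaped like this one when only the fully matched branch frees it, and the fall-through freeing that prevents it. The register table, its index values, and the `parse_check` helper are assumptions for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed illustration, not libbpf's parse_usdt_arg() or its fix. */
enum arg_type { ARG_REG_DEREF, ARG_REG };
struct arg_spec { enum arg_type type; int reg; long off; int sz; };
/* Hypothetical register table standing in for libbpf's calc_pt_regs_off(). */
static int reg_index(const char *name)
{
	static const char *regs[] = { "x0", "x1", "x2", "x3", "x4", "sp" };
	for (unsigned i = 0; i < 6; i++)
		if (strcmp(name, regs[i]) == 0) return (int)i;
	return -1;
}
/* "%m" allocates as soon as its own conversion matches: with the first format,
 * "-4@[sp]" matches size and register before the literal ',' fails, so sscanf
 * returns 2 with reg_name already allocated. Freeing it only inside the
 * "== 3" branch leaks it; here every fall-through releases the leftover. */
int parse_arg(const char *s, struct arg_spec *a)
{
	char *reg_name = NULL;
	long off = 0; int len = 0;  /* len stays 0 unless %n was reached */
	if (sscanf(s, " %d @ [ %m[a-z0-9], %ld ] %n", &a->sz, &reg_name, &off, &len) == 3) {
		a->type = ARG_REG_DEREF; a->off = off;
	} else {
		free(reg_name); reg_name = NULL; len = 0;   /* partial match: release it */
		if (sscanf(s, " %d @ [ %m[a-z0-9] ] %n", &a->sz, &reg_name, &len) == 2) {
			a->type = ARG_REG_DEREF; a->off = 0;
		} else {
			free(reg_name); reg_name = NULL; len = 0;
			if (sscanf(s, " %d @ %m[a-z0-9] %n", &a->sz, &reg_name, &len) != 2) {
				free(reg_name);
				return -1;
			}
			a->type = ARG_REG; a->off = 0;
		}
	}
	a->reg = reg_index(reg_name);
	free(reg_name);                                  /* freed exactly once */
	return (a->reg >= 0 && len > 0 && s[len] == '\0') ? 0 : -1;
}
/* Test helper: 1 if s parses to (type, reg, off), 0 on a different parse, -1 on error. */
int parse_check(const char *s, enum arg_type type, int reg, long off)
{
	struct arg_spec a;
	if (parse_arg(s, &a) < 0) return -1;
	return a.type == type && a.reg == reg && a.off == off;
}
```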
Comment 1 Thomas Leroy 2022-10-17 15:56:20 UTC
Same here, I don't know which ones between kernel and libbpf should be tracked.

For the kernel, the commit introducing the bug is only in stable, and the fix is not applied yet. Therefore only stable is affected.
Comment 2 Takashi Iwai 2022-10-18 07:11:31 UTC
Shung-Hsi, could you take this one, too?
Comment 3 Thomas Leroy 2022-10-18 08:06:02 UTC
I think there isn't any libbpf codestream affected.
Comment 4 Shung-Hsi Yu 2022-10-21 06:57:40 UTC
(In reply to Takashi Iwai from comment #2)
> Shung-Hsi, could you take this one, too?

Yep, thanks!

(In reply to Thomas Leroy from comment #1)
> Same here, I don't know which ones between kernel and libbpf should be
> tracked.
> 
> For the kernel, the commit introducing the bug is only in stable, and the
> fix is not applied yet. Therefore only stable is affected

Yeah, libbpf is quite confusing. In general, if the problematic commit was introduced after Linux kernel v5.4 (inclusive), we can ignore the kernel and just track libbpf as affected; anything before that, we'd have to track both.

For this one the problematic commit is 0f8619929c57 ("libbpf: Usdt aarch64 arg parsing support") introduced in kernel v5.19, which is later than v5.4, so we have to look in the libbpf repo.

But it has a different commit ID there, so we had to do `git log --oneline --grep='Usdt aarch64 arg parsing support' | tail -n1` to find the commit, which is 557499a13ede in libbpf, introduced in libbpf v0.8.0.

So this one ends up being the same as bug 1204391, affecting libbpf package on Leap 15.4 and Tumbleweed/Factory.
Comment 6 Shung-Hsi Yu 2022-10-21 07:12:24 UTC
(In reply to Shung-Hsi Yu from comment #4)
> So this one ends up being the same as bug 1204391, affecting libbpf package
> on Leap 15.4 and Tumbleweed/Factory.

Oops, I was wrong. Leap 15.4 has an older libbpf at v0.5.0, so indeed it's not affected.
Comment 7 Shung-Hsi Yu 2022-11-08 08:15:22 UTC
Fix submitted to Tumbleweed/Factory in SR#1034423.
Reassigning back to security team.