Bug 1195373 - (CVE-2022-0433) VUL-0: CVE-2022-0433: kernel-source-azure,kernel-source-rt,kernel-source: missing initialization in bloom filter map in kernel/bpf/bloom_filter.c can lead to DoS
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/322224/
CVSSv3.1:SUSE:CVE-2022-0433:5.5:(AV:L...
Reported: 2022-02-01 08:46 UTC by Robert Frohl
Modified: 2022-06-09 09:24 UTC (History)
Found By: Security Response Team


Description Robert Frohl 2022-02-01 08:46:47 UTC
rh#2048259

The bug is inside the bloom filter.
It results in a NULL pointer dereference when the map_get_next_key function inside the BPF code is executed by a local user.

This is new (fresh) bloom filter functionality of eBPF that is present starting from this commit:
https://lore.kernel.org/bpf/20210921210225.4095056-2-joannekoong@fb.com/

Reference to the patch:
https://lore.kernel.org/bpf/d5776f5d-3416-4e3b-8751-8a5a9e6a0d4d@iogearbox.net/T/

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2048259
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0433
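
The defect class described in the report, as an added example that is not part of the original bug report or the kernel source: a simplified user-space model of an operations table whose get_next_key callback was never initialized, next to a fully populated table, a registration-time check, and a guarded dispatcher. The struct layout, the names map_ops_validate and bloom_ops_before/bloom_ops_after, and the -EOPNOTSUPP stub are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>

/* Simplified model of a map type's operations table (illustrative, not kernel code). */
struct map_ops {
    const char *name;
    int (*lookup)(const void *key, void *value);
    int (*get_next_key)(const void *key, void *next_key);
};

static int bloom_lookup(const void *key, void *value)
{
    (void)key; (void)value;
    return 0;
}

/* Stub for an operation this map type cannot support: fail cleanly. */
static int bloom_get_next_key(const void *key, void *next_key)
{
    (void)key; (void)next_key;
    return -EOPNOTSUPP;
}

/* "Before": get_next_key is never set, so the pointer is NULL. */
const struct map_ops bloom_ops_before = {
    .name = "bloom_before", .lookup = bloom_lookup,
};

/* "After": every callback reachable from a user request is populated. */
const struct map_ops bloom_ops_after = {
    .name = "bloom_after", .lookup = bloom_lookup,
    .get_next_key = bloom_get_next_key,
};

/* Registration-time check: reject tables with a missing callback. */
int map_ops_validate(const struct map_ops *ops)
{
    if (!ops || !ops->lookup || !ops->get_next_key)
        return -EINVAL;
    return 0;
}

/* Dispatcher for a user request: never call through a NULL pointer. */
int map_get_next_key(const struct map_ops *ops, const void *key, void *next_key)
{
    if (!ops || !ops->get_next_key)
        return -EOPNOTSUPP;
    return ops->get_next_key(key, next_key);
}

int main(void) { return map_ops_validate(&bloom_ops_after); }
```
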
Comment 1 Robert Frohl 2022-02-01 08:49:14 UTC
bloom filters since v5.16 in upstream, so likely only for oS Factory
Comment 2 Robert Frohl 2022-02-01 08:55:19 UTC
(In reply to Robert Frohl from comment #1)
> bloom filters since v5.16 in upstream, so likely only for oS Factory

only Factory
Comment 3 Takashi Iwai 2022-02-02 09:43:28 UTC
The upstream fix commit 3ccdcee28415c4226de05438b4d89eb5514edf73
is included in the 5.16.3 stable tree.  So the stable branch is already covered.

Reassigned back to security team.
Comment 4 Carlos López 2022-06-09 09:24:54 UTC
Done, closing.