Bug 1195373 – VUL-0: CVE-2022-0433: kernel-source-azure,kernel-source-rt,kernel-source: missing initialization in bloom filter map in kernel/bpf/bloom_filter.c can lead to DoS

Bug 1195373 - (CVE-2022-0433) VUL-0: CVE-2022-0433: kernel-source-azure,kernel-source-rt,kernel-source: missing initialization in bloom filter map in kernel/bpf/bloom_filter.c can lead to DoS

(CVE-2022-0433)
Summary:	VUL-0: CVE-2022-0433: kernel-source-azure,kernel-source-rt,kernel-source: mis...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/322224/
Whiteboard:	CVSSv3.1:SUSE:CVE-2022-0433:5.5:(AV:L...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2022-02-01 08:46 UTC by Robert Frohl
Modified:	2022-06-09 09:24 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robert Frohl 2022-02-01 08:46:47 UTC

rh#2048259

The bug inside bloom filter.
Results in Null Pointer Dereference when map_get_next_key function inside BPF code being executed by local user.

This is new (fresh) bloom filter functionality of the eBPF that is actual starting from this commit:
https://lore.kernel.org/bpf/20210921210225.4095056-2-joannekoong@fb.com/

Reference to the patch:
https://lore.kernel.org/bpf/d5776f5d-3416-4e3b-8751-8a5a9e6a0d4d@iogearbox.net/T/

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2048259
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0433

Comment 1 Robert Frohl 2022-02-01 08:49:14 UTC

bloom filters since v5.16 in upstream, so likely only for oS Factory

Comment 2 Robert Frohl 2022-02-01 08:55:19 UTC

(In reply to Robert Frohl from comment #1)
> bloom filters since v5.16 in upstream, so likely only for oS Factory

only Factory

Comment 3 Takashi Iwai 2022-02-02 09:43:28 UTC

The upstream fix commit 3ccdcee28415c4226de05438b4d89eb5514edf73
included in 5.16.3 stable tree.  So stable branch is already covered.

Reassigned back to security team.

Comment 4 Carlos López 2022-06-09 09:24:54 UTC

Done, closing.