Debian: CVE-2022-48770: linux -- security update

Debian: CVE-2022-48770: linux -- security update

Severity

5

CVSS

(AV:L/AC:L/Au:S/C:N/I:N/A:C)

Published

06/20/2024

Created

07/31/2024

Added

07/30/2024

Modified

01/28/2025

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Guard against accessing NULL pt_regs in bpf_get_task_stack() task_pt_regs() can return NULL on powerpc for kernel threads. This is then used in __bpf_get_stack() to check for user mode, resulting in a kernel oops. Guard against this by checking return value of task_pt_regs() before trying to obtain the call chain.

Solution(s)

• debian-upgrade-linux

References

• https://attackerkb.com/topics/cve-2022-48770
• CVE - 2022-48770