CVE-2022-49875

MEDIUM

Linux Kernel 5.7-5.10.155, 5.11-5.15.79, 5.16-6.0.9 - NULL Pointer Dereference in bpftool Pin Command

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: bpftool: Fix NULL pointer dereference when pin {PROG, MAP, LINK} without FILE When using bpftool to pin {PROG, MAP, LINK} without FILE, segmentation fault will occur. The reson is that the lack of FILE will cause strlen to trigger NULL pointer dereference. The corresponding stacktrace is shown below: do_pin do_pin_any do_pin_fd mount_bpffs_for_pin strlen(name) <- NULL pointer dereference Fix it by adding validation to the common process.

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/8c80b2fca4112d724dde477aed13f7b0510a2792

Patch

https://git.kernel.org/stable/c/6dcdd1b68b7f9333d48d48fc77b75e7f235f6a4a

Patch

https://git.kernel.org/stable/c/da5161ba94c5e9182c301dd4f09c94f715c068bd

Patch

https://git.kernel.org/stable/c/34de8e6e0e1f66e431abf4123934a2581cb5f133

Scores

CVSS v3 5.5

EPSS 0.0018

EPSS Percentile 7.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-476

Status published

Products (15)

linux/Kernel 5.11.0 - 5.15.79linux

linux/Kernel 5.16.0 - 6.0.9linux

linux/Kernel 5.7.0 - 5.10.155linux

Linux/Linux < 5.7

Linux/Linux 5.10.155 - 5.10.*

Linux/Linux 5.15.79 - 5.15.*

Linux/Linux 5.7

Linux/Linux 6.0.9 - 6.0.*

Linux/Linux 6.1

Linux/Linux 75a1e792c335b5c6d7fdb1014da47aeb64c5944f - 34de8e6e0e1f66e431abf4123934a2581cb5f133

... and 5 more

Published May 01, 2025

Tracked Since Feb 18, 2026