Bugzilla – Bug 1204391
VUL-0: CVE-2022-3534: libbpf: use-after-free in btf_dump_name_dups
Last modified: 2024-04-19 14:32:53 UTC
CVE-2022-3534

A vulnerability classified as critical has been found in Linux Kernel. Affected is the function btf_dump_name_dups of the file tools/lib/bpf/btf_dump.c of the component libbpf. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211032.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3534
https://www.cve.org/CVERecord?id=CVE-2022-3534
https://vuldb.com/?id.211032
https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=93c660ca40b5d2f7c1b1626e955a8e9fa30e0749
I don't really know if this codebase is shipped by kernel-source or libbpf, or both?

If we ship this through the kernel: I can't see the fixing commit in any branches, so the following branches are affected:
- stable
- SLE15-SP4
(In reply to Thomas Leroy from comment #1)
> I don't really know if this codebase is shipped by kernel-source or libbpf,
> or both?

It's shipped by libbpf.

For Leap 15.2 and 15.3 libbpf is based on kernel-source (though they are not affected). For Leap 15.4 and Tumbleweed it's based on upstream libbpf repo https://github.com/libbpf/libbpf.

I'll backport the fix to Leap 15.4 libbpf package, and update the libbpf in Tumbleweed/Factory (after the fix is integrated into the GitHub repo).

As for the kernel-source branch. Ideally they should get the fix as well, but generally there shouldn't be any user depending on libbpf inside.
(In reply to Shung-Hsi Yu from comment #2)
> (In reply to Thomas Leroy from comment #1)
> > I don't really know if this codebase is shipped by kernel-source or libbpf,
> > or both?
>
> It's shipped by libbpf.
>
> For Leap 15.2 and 15.3 libbpf is based on kernel-source (though they are not
> affected). For Leap 15.4 and Tumbleweed it's based on upstream libbpf repo
> https://github.com/libbpf/libbpf.
>
> I'll backport the fix to Leap 15.4 libbpf package, and update the libbpf in
> Tumbleweed/Factory (after the fix is integrated into the GitHub repo).
>
> As for the kernel-source branch. Ideally they should get the fix as well,
> but generally there shouldn't be any user depending on libbpf inside.

Thanks Shung-Hsi. Let me track only libbpf as affected.
Fix submitted to SLE15-SP5 in SR#1034427 and Tumbleweed/Factory in SR#1034423.
Forgot it's a security bug, reassigning back to security team.
SUSE-SU-2023:0405-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1204391,1204502
CVE References: CVE-2022-3534,CVE-2022-3606
JIRA References:
Sources used:
openSUSE Leap 15.4 (src): libbpf-0.5.0-150400.3.3.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src): libbpf-0.5.0-150400.3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
done