| Name | CVE-2022-3533 |
| Description | A vulnerability was found in Linux Kernel. It has been rated as problematic. This issue affects the function parse_usdt_arg of the file tools/lib/bpf/usdt.c of the component BPF. The manipulation of the argument reg_name leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211031. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| Debian Bugs | 1023717 |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| libbpf (PTS) | bullseye | 0.3-2 | fixed |
| bullseye (security) | 0.3-2+deb11u1 | fixed |
| bookworm | 1.1.0-1 | fixed |
| sid, trixie | 1.5.0-3 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|
| libbpf | source | bullseye | (not affected) | | | |
| libbpf | source | (unstable) | 1.1.0-1 | | | 1023717 |
Notes
[bullseye] - libbpf <not-affected> (Vulnerable code introduced later)
Introduced by: https://github.com/libbpf/libbpf/commit/557499a13ede6ea86883d070af06621fe990572f (v0.8.0)
Fixed by: https://github.com/libbpf/libbpf/commit/881a10980b7ded995da5d9cc1919992c36c9d2be (v1.1.0)