{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-28T14:32:08.353","vulnerabilities":[{"cve":{"id":"CVE-2022-49799","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-05-01T15:16:03.200","lastModified":"2025-11-07T19:33:04.857","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix wild-memory-access in register_synth_event()\n\nIn register_synth_event(), if set_synth_event_print_fmt() failed, then\nboth trace_remove_event_call() and unregister_trace_event() will be\ncalled, which means the trace_event_call will call\n__unregister_trace_event() twice. As the result, the second unregister\nwill causes the wild-memory-access.\n\nregister_synth_event\n    set_synth_event_print_fmt failed\n    trace_remove_event_call\n        event_remove\n            if call->event.funcs then\n            __unregister_trace_event (first call)\n    unregister_trace_event\n        __unregister_trace_event (second call)\n\nFix the bug by avoiding to call the second __unregister_trace_event() by\nchecking if the first one is called.\n\ngeneral protection fault, probably for non-canonical address\n\t0xfbd59c0000000024: 0000 [#1] SMP KASAN PTI\nKASAN: maybe wild-memory-access in range\n[0xdead000000000120-0xdead000000000127]\nCPU: 0 PID: 3807 Comm: modprobe Not tainted\n6.1.0-rc1-00186-g76f33a7eedb4 #299\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\nrel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014\nRIP: 0010:unregister_trace_event+0x6e/0x280\nCode: 00 fc ff df 4c 89 ea 48 c1 ea 03 80 3c 02 00 0f 85 0e 02 00 00 48\nb8 00 00 00 00 00 fc ff df 4c 8b 63 08 4c 89 e2 48 c1 ea 03 <80> 3c 02\n00 0f 85 e2 01 00 00 49 89 2c 24 48 85 ed 74 28 e8 7a 9b\nRSP: 0018:ffff88810413f370 EFLAGS: 00010a06\nRAX: dffffc0000000000 RBX: ffff888105d050b0 RCX: 0000000000000000\nRDX: 1bd5a00000000024 RSI: ffff888119e276e0 RDI: ffffffff835a8b20\nRBP: dead000000000100 R08: 0000000000000000 R09: fffffbfff0913481\nR10: ffffffff8489a407 R11: fffffbfff0913480 R12: dead000000000122\nR13: ffff888105d050b8 R14: 0000000000000000 R15: ffff888105d05028\nFS:  00007f7823e8d540(0000) GS:ffff888119e00000(0000)\nknlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f7823e7ebec CR3: 000000010a058002 CR4: 0000000000330ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n __create_synth_event+0x1e37/0x1eb0\n create_or_delete_synth_event+0x110/0x250\n synth_event_run_command+0x2f/0x110\n test_gen_synth_cmd+0x170/0x2eb [synth_event_gen_test]\n synth_event_gen_test_init+0x76/0x9bc [synth_event_gen_test]\n do_one_initcall+0xdb/0x480\n do_init_module+0x1cf/0x680\n load_module+0x6a50/0x70a0\n __do_sys_finit_module+0x12f/0x1c0\n do_syscall_64+0x3f/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd"},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rastreo: Se corrige el acceso a memoria no autorizado en register_synth_event(). En register_synth_event(), si set_synth_event_print_fmt() falla, se invocarán trace_remove_event_call() y unregister_trace_event(), lo que significa que trace_event_call llamará a __unregister_trace_event() dos veces. Como resultado, la segunda anulación del registro provocará el acceso a memoria no autorizado. register_synth_event set_synth_event_print_fmt falló trace_remove_event_call event_remove si call-&gt;event.funcs entonces __unregister_trace_event (primera llamada) unregister_trace_event __unregister_trace_event (segunda llamada) Corrija el error evitando llamar al segundo __unregister_trace_event() verificando si se llama al primero. Fallo de protección general, probablemente por dirección no canónica 0xfbd59c0000000024: 0000 [#1] SMP KASAN PTI KASAN: tal vez acceso a memoria salvaje en el rango [0xdead000000000120-0xdead000000000127] CPU: 0 PID: 3807 Comm: modprobe No contaminado 6.1.0-rc1-00186-g76f33a7eedb4 #299 Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014 RIP: 0010:unregister_trace_event+0x6e/0x280 Código: 00 fc ff df 4c 89 ea 48 c1 ea 03 80 3c 02 00 0f 85 0e 02 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 63 08 4c 89 e2 48 c1 ea 03 &lt;80&gt; 3c 02 00 0f 85 e2 01 00 00 49 89 2c 24 48 85 ed 74 28 e8 7a 9b RSP: 0018:ffff88810413f370 EFLAGS: 00010a06 RAX: dffffc0000000000 RBX: ffff888105d050b0 RCX: 0000000000000000 RDX: 1bd5a00000000024 RSI: ffff888119e276e0 RDI: ffffffff835a8b20 RBP: muerto000000000100 R08: 0000000000000000 R09: ffffbfff0913481 R10: ffffffff8489a407 R11: ffffbfff0913480 R12: muerto000000000122 R13: ffff888105d050b8 R14: 0000000000000000 R15: ffff888105d05028 FS: 00007f7823e8d540(0000) GS:ffff888119e00000(0000) knlGS:000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f7823e7ebec CR3: 000000010a058002 CR4: 0000000000330ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 00000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Rastreo de llamadas:  __create_synth_event+0x1e37/0x1eb0 create_or_delete_synth_event+0x110/0x250 synth_event_run_command+0x2f/0x110 test_gen_synth_cmd+0x170/0x2eb [synth_event_gen_test] synth_event_gen_test_init+0x76/0x9bc [synth_event_gen_test] do_one_initcall+0xdb/0x480 do_init_module+0x1cf/0x680 load_module+0x6a50/0x70a0 __do_sys_finit_module+0x12f/0x1c0 do_syscall_64+0x3f/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.17","versionEndExcluding":"5.10.156","matchCriteriaId":"07CF91BD-57D6-4913-AB55-7BB097657BFB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.80","matchCriteriaId":"51BBEF3B-79F5-4D4C-ADBA-F34DA0E2465C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.0.10","matchCriteriaId":"64F9ADD1-3ADB-4D66-A00F-4A83010B05F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*","matchCriteriaId":"E7E331DA-1FB0-4DEC-91AC-7DA69D461C11"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*","matchCriteriaId":"17F0B248-42CF-4AE6-A469-BB1BAE7F4705"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*","matchCriteriaId":"E2422816-0C14-4B5E-A1E6-A9D776E5C49B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*","matchCriteriaId":"1C6E00FE-5FB9-4D20-A1A1-5A32128F9B76"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:*","matchCriteriaId":"35B26BE4-43A6-4A36-A7F6-5B3F572D9186"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1b5f1c34d3f5a664a57a5a7557a50e4e3cc2505c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/315b149f08229a233d47532eb5da1707b28f764c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6517b97134f724d12f673f9fb4f456d75c7a905f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a5bfa53e5036b3e7a80be902dd3719a930accabd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}