{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T18:24:38.062","vulnerabilities":[{"cve":{"id":"CVE-2022-50078","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-06-18T11:15:36.753","lastModified":"2025-11-17T19:24:43.193","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/eprobes: Do not allow eprobes to use $stack, or % for regs\n\nWhile playing with event probes (eprobes), I tried to see what would\nhappen if I attempted to retrieve the instruction pointer (%rip) knowing\nthat event probes do not use pt_regs. The result was:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000024\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP PTI\n CPU: 1 PID: 1847 Comm: trace-cmd Not tainted 5.19.0-rc5-test+ #309\n Hardware name: Hewlett-Packard HP Compaq Pro 6300 SFF/339A, BIOS K01\nv03.03 07/14/2016\n RIP: 0010:get_event_field.isra.0+0x0/0x50\n Code: ff 48 c7 c7 c0 8f 74 a1 e8 3d 8b f5 ff e8 88 09 f6 ff 4c 89 e7 e8\n50 6a 13 00 48 89 ef 5b 5d 41 5c 41 5d e9 42 6a 13 00 66 90 <48> 63 47 24\n8b 57 2c 48 01 c6 8b 47 28 83 f8 02 74 0e 83 f8 04 74\n RSP: 0018:ffff916c394bbaf0 EFLAGS: 00010086\n RAX: ffff916c854041d8 RBX: ffff916c8d9fbf50 RCX: ffff916c255d2000\n RDX: 0000000000000000 RSI: ffff916c255d2008 RDI: 0000000000000000\n RBP: 0000000000000000 R08: ffff916c3a2a0c08 R09: ffff916c394bbda8\n R10: 0000000000000000 R11: 0000000000000000 R12: ffff916c854041d8\n R13: ffff916c854041b0 R14: 0000000000000000 R15: 0000000000000000\n FS:  0000000000000000(0000) GS:ffff916c9ea40000(0000)\nknlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000024 CR3: 000000011b60a002 CR4: 00000000001706e0\n Call Trace:\n  <TASK>\n  get_eprobe_size+0xb4/0x640\n  ? __mod_node_page_state+0x72/0xc0\n  __eprobe_trace_func+0x59/0x1a0\n  ? __mod_lruvec_page_state+0xaa/0x1b0\n  ? page_remove_file_rmap+0x14/0x230\n  ? page_remove_rmap+0xda/0x170\n  event_triggers_call+0x52/0xe0\n  trace_event_buffer_commit+0x18f/0x240\n  trace_event_raw_event_sched_wakeup_template+0x7a/0xb0\n  try_to_wake_up+0x260/0x4c0\n  __wake_up_common+0x80/0x180\n  __wake_up_common_lock+0x7c/0xc0\n  do_notify_parent+0x1c9/0x2a0\n  exit_notify+0x1a9/0x220\n  do_exit+0x2ba/0x450\n  do_group_exit+0x2d/0x90\n  __x64_sys_exit_group+0x14/0x20\n  do_syscall_64+0x3b/0x90\n  entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nObviously this is not the desired result.\n\nMove the testing for TPARG_FL_TPOINT which is only used for event probes\nto the top of the \"$\" variable check, as all the other variables are not\nused for event probes. Also add a check in the register parsing \"%\" to\nfail if an event probe is used."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tracing/eprobes: No permitir que las eprobes usen $stack o % para regs. Mientras jugaba con las sondas de eventos (eprobes), intenté ver qué sucedería si intentaba recuperar el puntero de instrucciones (%rip) sabiendo que las sondas de eventos no usan pt_regs. El resultado fue: ERROR: desreferencia de puntero NULL del kernel, dirección: 0000000000000024 #PF: acceso de lectura del supervisor en modo kernel #PF: error_code(0x0000) - página no presente PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 1 PID: 1847 Comm: trace-cmd No contaminado 5.19.0-rc5-test+ #309 Nombre del hardware: Hewlett-Packard HP Compaq Pro 6300 SFF/339A, BIOS K01 v03.03 14/07/2016 RIP: 0010:get_event_field.isra.0+0x0/0x50 Código: ff 48 c7 c7 c0 8f 74 a1 e8 3d 8b f5 ff e8 88 09 f6 ff 4c 89 e7 e8 50 6a 13 00 48 89 ef 5b 5d 41 5c 41 5d e9 42 6a 13 00 66 90 &lt;48&gt; 63 47 24 8b 57 2c 48 01 c6 8b 47 28 83 f8 02 74 0e 83 f8 04 74 RSP: 0018:ffff916c394bbaf0 EFLAGS: 00010086 RAX: ffff916c854041d8 RBX: ffff916c8d9fbf50 RCX: ffff916c255d2000 RDX: 0000000000000000 RSI: ffff916c255d2008 RDI: 0000000000000000 RBP: 0000000000000000 R08: ffff916c3a2a0c08 R09: ffff916c394bbda8 R10: 0000000000000000 R11: 0000000000000000 R12: ffff916c854041d8 R13: ffff916c854041b0 R14: 000000000000000 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff916c9ea40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000024 CR3: 000000011b60a002 CR4: 00000000001706e0 Seguimiento de llamadas:  get_eprobe_size+0xb4/0x640 ? __mod_node_page_state+0x72/0xc0 __eprobe_trace_func+0x59/0x1a0 ? __mod_lruvec_page_state+0xaa/0x1b0 ? page_remove_file_rmap+0x14/0x230 ? page_remove_rmap+0xda/0x170 event_triggers_call+0x52/0xe0 trace_event_buffer_commit+0x18f/0x240 trace_event_raw_event_sched_wakeup_template+0x7a/0xb0 try_to_wakeup+0x260/0x4c0 __wake_up_common+0x80/0x180 __wake_up_common_lock+0x7c/0xc0 do_notify_parent+0x1c9/0x2a0 exit_notify+0x1a9/0x220 do_exit+0x2ba/0x450 do_group_exit+0x2d/0x90 __x64_sys_exit_group+0x14/0x20 do_syscall_64+0x3b/0x90 entry_SYSCALL_64_after_hwframe+0x46/0xb0 Obviamente, este no es el resultado deseado. Mueva la prueba de TPARG_FL_TPOINT, que solo se usa para sondeos de eventos, al principio de la comprobación de la variable \"$\", ya que las demás variables no se usan para sondeos de eventos. También añada una comprobación en el registro que analiza \"%\" para que falle si se usa un sondeo de eventos."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"5.15.63","matchCriteriaId":"2ACB117A-CAB0-4035-A1F1-DCA73BD88DC8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"5.19.4","matchCriteriaId":"0E669300-DA42-4ACD-86D8-68BE5F29FB88"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.0:rc1:*:*:*:*:*:*","matchCriteriaId":"E8BD11A3-8643-49B6-BADE-5029A0117325"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2673c60ee67e71f2ebe34386e62d348f71edee47","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7c262114a576d94c0ced80e232bbb17391a55908","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ba53c21ce9773743b8e0a8ada048c96ff2d55c67","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}