{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-08T22:26:39.743","vulnerabilities":[{"cve":{"id":"CVE-2022-50654","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-12-09T01:16:48.340","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix panic due to wrong pageattr of im->image\n\nIn the scenario where livepatch and kretfunc coexist, the pageattr of\nim->image is rox after arch_prepare_bpf_trampoline in\nbpf_trampoline_update, and then modify_fentry or register_fentry returns\n-EAGAIN from bpf_tramp_ftrace_ops_func, the BPF_TRAMP_F_ORIG_STACK flag\nwill be configured, and arch_prepare_bpf_trampoline will be re-executed.\n\nAt this time, because the pageattr of im->image is rox,\narch_prepare_bpf_trampoline will read and write im->image, which causes\na fault. as follows:\n\n  insmod livepatch-sample.ko    # samples/livepatch/livepatch-sample.c\n  bpftrace -e 'kretfunc:cmdline_proc_show {}'\n\nBUG: unable to handle page fault for address: ffffffffa0206000\nPGD 322d067 P4D 322d067 PUD 322e063 PMD 1297e067 PTE d428061\nOops: 0003 [#1] PREEMPT SMP PTI\nCPU: 2 PID: 270 Comm: bpftrace Tainted: G            E K    6.1.0 #5\nRIP: 0010:arch_prepare_bpf_trampoline+0xed/0x8c0\nRSP: 0018:ffffc90001083ad8 EFLAGS: 00010202\nRAX: ffffffffa0206000 RBX: 0000000000000020 RCX: 0000000000000000\nRDX: ffffffffa0206001 RSI: ffffffffa0206000 RDI: 0000000000000030\nRBP: ffffc90001083b70 R08: 0000000000000066 R09: ffff88800f51b400\nR10: 000000002e72c6e5 R11: 00000000d0a15080 R12: ffff8880110a68c8\nR13: 0000000000000000 R14: ffff88800f51b400 R15: ffffffff814fec10\nFS:  00007f87bc0dc780(0000) GS:ffff88803e600000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: ffffffffa0206000 CR3: 0000000010b70000 CR4: 00000000000006e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n<TASK>\n bpf_trampoline_update+0x25a/0x6b0\n __bpf_trampoline_link_prog+0x101/0x240\n bpf_trampoline_link_prog+0x2d/0x50\n bpf_tracing_prog_attach+0x24c/0x530\n bpf_raw_tp_link_attach+0x73/0x1d0\n __sys_bpf+0x100e/0x2570\n __x64_sys_bpf+0x1c/0x30\n do_syscall_64+0x5b/0x80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nWith this patch, when modify_fentry or register_fentry returns -EAGAIN\nfrom bpf_tramp_ftrace_ops_func, the pageattr of im->image will be reset\nto nx+rw."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/7f656fff955ccb216c40fa188a24c05fa40985a5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/9ed1d9aeef5842ecacb660fce933613b58af1e00","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/d9d383cbf812a3b4094c089aa5f5d41a3bb4531d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}}]}