CVE-2022-2905: 
Linux Kernel vulnerability analysis and mitigation

An out-of-bounds memory read vulnerability (CVE-2022-2905) was discovered in the Linux kernel's BPF subsystem, specifically in how a user calls the bpftailcall function with a key larger than the max_entries of the map. The vulnerability was discovered by Hsin-Wei Hung and disclosed on August 26, 2022. This flaw affects the Linux kernel's BPF (Berkeley Packet Filter) subsystem, particularly impacting the x86 JIT compiler (Kernel Mailing List, NVD).

The vulnerability occurs in the x86 BPF JIT compiler when a bpftailcall is made with a key larger than the maxentries of the map. This causes an out-of-bounds access when the x86 JIT compiler attempts to index bpfarray->ptr using the invalid key. The vulnerability has been assigned a CVSS 3 Severity Score of 5.5 (Medium) (Ubuntu Security).

This vulnerability allows a local user to gain unauthorized access to data through an out-of-bounds memory read. If unprivileged use of eBPF is enabled, this could lead to information disclosure by leaking sensitive kernel memory (Debian LTS).

The primary mitigation is to ensure the kernel.unprivilegedbpfdisabled sysctl is set to 2 (the default) or 1. The vulnerability has been fixed in various Linux distributions, including Ubuntu 22.04 LTS (version 5.15.0-53.59) and Debian 10 buster (version 5.10.149-2~deb10u1) (Ubuntu Security, Debian LTS).