CVE-2022-49548: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49548 is a vulnerability in the Linux kernel's BPF (Berkeley Packet Filter) subsystem, specifically in the bpf_trampoline_get_progs() function. The vulnerability was discovered and disclosed in February 2025, affecting various Linux distributions and their kernel versions (Ubuntu Security).

The vulnerability stems from an array overflow condition in the bpf_trampoline_get_progs() function. The cnt value in the 'cnt >= BPF_MAX_TRAMP_PROGS' check does not include BPF_TRAMP_MODIFY_RETURN bpf programs, allowing the number of attached BPF_TRAMP_MODIFY_RETURN bpf programs in a trampoline to exceed BPF_MAX_TRAMP_PROGS. This can cause a progs array overflow in the assignment '*progs++ = aux->prog' as the progs field in the bpf_tramp_progs struct can only hold at most BPF_MAX_TRAMP_PROGS bpf programs (Kernel Git). The vulnerability has been assigned a CVSS 3.1 score of 7.8 (High) (Ubuntu Security).

When exploited, this vulnerability can lead to array overflow conditions in the Linux kernel's BPF subsystem, potentially resulting in memory corruption and system instability (Ubuntu Security).

The vulnerability has been patched in the Linux kernel. The fix involves properly counting all BPF program types, including BPF_TRAMP_MODIFY_RETURN programs, when checking against BPF_MAX_TRAMP_PROGS limit. System administrators should update their Linux kernel to a patched version. Various Linux distributions have either released patches or are in the process of releasing updates (Ubuntu Security).