CVE-2022-49764: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability was identified in the Linux kernel related to BPF (Berkeley Packet Filter) program recursion for raw tracepoint probes. The issue, tracked as CVE-2022-49764, involves a BPF program attached to contentionbegin raw tracepoint triggering the same tracepoint by using bpftraceprintk helper that takes traceprintk_lock lock, potentially leading to recursive execution (NVD, Wiz).

The vulnerability occurs when a BPF program is attached as a raw tracepoint on contentionbegin tracepoint and calls the bpftraceprintk helper. When the spin lock code is forced to take the slow path and call contentionbegin tracepoint, it triggers recursive execution. The issue has been assigned a CVSS v3 Base Score of 5.5 with attack vector being Local (Red Hat).

The vulnerability could lead to system warnings and potential system instability due to recursive execution of BPF programs, affecting the kernel's tracing functionality (Wiz).

The issue has been fixed in the Linux kernel by implementing a mechanism to prevent BPF program recursion. The fix involves skipping the execution of BPF programs that are already running by using the program's 'active' field. Additionally, the bpfprogincmissescounter was moved to syscall.c due to trampoline.c being compiled only for CONFIGBPFJIT option (Debian Tracker).