CVE-2022-49840: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49840 is a vulnerability discovered in the Linux kernel's BPF subsystem, specifically related to an alignment problem in bpfprogtestrunskb(). The vulnerability was disclosed on May 1, 2025, affecting various versions of the Linux kernel including versions from 4.x through 5.15.80, as well as the 6.1 release candidates (NVD).

The vulnerability occurs when the size parameter from a user BPF program is an odd number (such as 399 or 407), which causes unaligned access in the struct skbsharedinfo. This results in a use-after-free read condition in _skbclone+0x23c/0x2a0 in net/core/skbuff.c:1032. The vulnerability has been assigned a CVSS v3.1 Base Score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD, Wiz).

The vulnerability can lead to a use-after-free condition in the Linux kernel's networking subsystem, potentially causing system instability or crashes. The high CVSS score indicates that while the vulnerability requires local access and low privileges, it can have significant impacts on system confidentiality, integrity, and availability (Wiz).

The fix involves adjusting the size parameter so that (@size + @hearoom) is a multiple of SMPCACHEBYTES, ensuring the struct skbsharedinfo is aligned to a cache line. For Red Hat Enterprise Linux 9, the fix has been deferred for both kernel and kernel-rt packages (Red Hat).