CVE-2022-3606

Publication date 19 October 2022

Last updated 26 August 2025

Ubuntu priority

Cvss 3 Severity Score

Description

A vulnerability was found in Linux Kernel. It has been classified as problematic. This affects the function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF. The manipulation leads to null pointer dereference. It is recommended to apply a patch to fix this issue. The identifier VDB-211749 was assigned to this vulnerability.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
dwarves-dfsg	25.10 questing	Not in release
	25.04 plucky	Not in release
	24.10 oracular	Not in release
	24.04 LTS noble	Not in release
	23.10 mantic	Not in release
	23.04 lunar	Not in release
	22.10 kinetic	Not in release
	22.04 LTS jammy	Not in release
	20.04 LTS focal	Fixed 1.21-0ubuntu1~20.04.1
	18.04 LTS bionic	Fixed 1.21-0ubuntu1~18.04.1+esm1
	16.04 LTS xenial	Needs evaluation
	14.04 LTS trusty	Ignored end of standard support
libbpf	25.10 questing	Fixed 1.0.1-2ubuntu1
	25.04 plucky	Fixed 1.0.1-2ubuntu1
	24.10 oracular	Fixed 1.0.1-2ubuntu1
	24.04 LTS noble	Fixed 1.0.1-2ubuntu1
	23.10 mantic	Fixed 1.0.1-2ubuntu1
	23.04 lunar	Fixed 1.0.1-2ubuntu1
	22.10 kinetic	Fixed 0.8.0-1ubuntu22.10.1
	22.04 LTS jammy	Fixed 0.5.0-1ubuntu22.04.1
	20.04 LTS focal	Fixed 0.5.0-1~ubuntu20.04.1+esm1
	18.04 LTS bionic	Not in release
	16.04 LTS xenial	Ignored end of standard support
	14.04 LTS trusty	Ignored end of standard support

Get expanded security coverage with Ubuntu Pro

Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.

Get Ubuntu Pro 30-day free trial

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
libbpf	Upstream: 3a3ef0c

Severity score breakdown

Parameter	Value
Base score	3.5 · Low
Attack vector	Adjacent
Attack complexity	Low
Privileges required	Low
User interaction	None
Scope	Unchanged
Confidentiality	None
Integrity impact	None
Availability impact	Low
Vector	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

References

Related Ubuntu Security Notices (USN)

USN-5759-1
LibBPF vulnerabilities
5 December 2022

USN-5759-2
LibBPF vulnerabilities
8 December 2022

USN-6215-1
dwarves vulnerabilities
11 July 2023

Other references

https://www.cve.org/CVERecord?id=CVE-2022-3606