FKIE_CVE-2022-50167

Vulnerability from fkie_nvd - Published: 2025-06-18 11:15 - Updated: 2025-11-17 19:48
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: bpf: fix potential 32-bit overflow when accessing ARRAY map element If BPF array map is bigger than 4GB, element pointer calculation can overflow because both index and elem_size are u32. Fix this everywhere by forcing 64-bit multiplication. Extract this formula into separate small helper and use it consistently in various places. Speculative-preventing formula utilizing index_mask trick is left as is, but explicit u64 casts are added in both places.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/063e092534d4c6785228e5b1eb6e9329f66ccbe4Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/3c7256b880b3a5aa1895fd169a34aa4224a11862Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/87ac0d600943994444e24382a87aa19acc4cd3d4Patch
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B02C474E-3473-42B0-8C3A-FE88F36ABE5A",
              "versionEndExcluding": "5.18.18",
              "versionStartIncluding": "5.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1A2A5A5-4598-4D7E-BA07-4660398D6C8F",
              "versionEndExcluding": "5.19.2",
              "versionStartIncluding": "5.19",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: fix potential 32-bit overflow when accessing ARRAY map element\n\nIf BPF array map is bigger than 4GB, element pointer calculation can\noverflow because both index and elem_size are u32. Fix this everywhere\nby forcing 64-bit multiplication. Extract this formula into separate\nsmall helper and use it consistently in various places.\n\nSpeculative-preventing formula utilizing index_mask trick is left as is,\nbut explicit u64 casts are added in both places."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: se corrige un posible desbordamiento de 32 bits al acceder al elemento del mapa de matriz. Si el mapa de matriz BPF supera los 4 GB, el c\u00e1lculo del puntero del elemento puede desbordarse, ya que tanto el \u00edndice como el tama\u00f1o de elem son u32. Se corrige este problema en todas partes forzando la multiplicaci\u00f3n de 64 bits. Se extrae esta f\u00f3rmula en un peque\u00f1o ayudante independiente y se usa de forma consistente en varios lugares. La f\u00f3rmula que evita la especulaci\u00f3n mediante el truco de index_mask se mantiene sin cambios, pero se a\u00f1aden conversiones u64 expl\u00edcitas en ambos lugares."
    }
  ],
  "id": "CVE-2022-50167",
  "lastModified": "2025-11-17T19:48:41.020",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-06-18T11:15:47.010",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/063e092534d4c6785228e5b1eb6e9329f66ccbe4"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/3c7256b880b3a5aa1895fd169a34aa4224a11862"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/87ac0d600943994444e24382a87aa19acc4cd3d4"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.