CVE-2022-50167

MEDIUM

Linux Kernel 5.3-5.18.17, 5.19.0-5.19.1, 6.0+ - Integer Overflow in BPF Array Map Element Access

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: fix potential 32-bit overflow when accessing ARRAY map element If BPF array map is bigger than 4GB, element pointer calculation can overflow because both index and elem_size are u32. Fix this everywhere by forcing 64-bit multiplication. Extract this formula into separate small helper and use it consistently in various places. Speculative-preventing formula utilizing index_mask trick is left as is, but explicit u64 casts are added in both places.

References (3)

Core 3

Core References

Patch

https://git.kernel.org/stable/c/063e092534d4c6785228e5b1eb6e9329f66ccbe4

Patch

https://git.kernel.org/stable/c/3c7256b880b3a5aa1895fd169a34aa4224a11862

Patch

https://git.kernel.org/stable/c/87ac0d600943994444e24382a87aa19acc4cd3d4

Scores

CVSS v3 5.5

EPSS 0.0020

EPSS Percentile 9.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-190

Status published

Products (11)

linux/Kernel 5.19.0 - 5.19.2linux

linux/Kernel 5.3.0 - 5.18.18linux

Linux/Linux < 5.3

Linux/Linux 5.18.18 - 5.18.*

Linux/Linux 5.19.2 - 5.19.*

Linux/Linux 5.3

Linux/Linux 6.0

Linux/Linux c85d69135a9175c50a823d04d62d932312d037b3 - 063e092534d4c6785228e5b1eb6e9329f66ccbe4

Linux/Linux c85d69135a9175c50a823d04d62d932312d037b3 - 3c7256b880b3a5aa1895fd169a34aa4224a11862

Linux/Linux c85d69135a9175c50a823d04d62d932312d037b3 - 87ac0d600943994444e24382a87aa19acc4cd3d4

... and 1 more

Published Jun 18, 2025

Tracked Since Feb 18, 2026