CVE-2022-50650: Improper Update of Reference Count in Linux

Severity: 5.5 MEDIUM (no vector)
EPSS: 0.0% (top 89.97%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 9

Description

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix reference state management for synchronous callbacks

Currently, verifier verifies callback functions (sync and async) as if they will be executed once, (i.e. it explores execution state as if the function was being called once). The next insn to explore is set to start of subprog and the exit from nested frame is handled using curframe > 0 and prepare_func_exit. In case of async callback it uses a customized variant o

Affected Packages (4 packages)

Linux | linux/linux_kernel | 5.13.0 | 5.15.75 | +2
Debian | linux/linux_kernel | < 6.0.3-1 | +2
CVEListV5 | linux/linux | 69c087ba6225b574afb6e505b72cb75242a3d844 | 4ed5155043c97ac8912bcf67331df87c833fb067 | +4
debian | debian/linux | < linux 6.0.3-1 (bookworm)

🔴 Vulnerability Details (3)

OSV (2025-12-09): CVE-2022-50650: In the Linux kernel, the following vulnerability has been resolved: bpf: Fix reference state management for synchronous callbacks Currently, verifier
GHSA (2025-12-09): GHSA-f9w8-ggmf-6h55: In the Linux kernel, the following vulnerability has been resolved: bpf: Fix reference state management for synchronous callbacks Currently, verifie
OSV (2025-12-09): bpf: Fix reference state management for synchronous callbacks

📋 Vendor Advisories (2)

Red Hat (2025-12-09): kernel: bpf: Fix reference state management for synchronous callbacks
Debian (2022): CVE-2022-50650: linux - In the Linux kernel, the following vulnerability has been resolved: bpf: Fix re...