CVE-2022-50654: Incorrect Execution-Assigned Permissions in Linux

Severity: 5.5 MEDIUM (no vector)
EPSS: 0.0% (top 90.90%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 9

Description

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix panic due to wrong pageattr of im->image

In the scenario where livepatch and kretfunc coexist, the pageattr of im->image is rox after arch_prepare_bpf_trampoline in bpf_trampoline_update, and then modify_fentry or register_fentry returns -EAGAIN from bpf_tramp_ftrace_ops_func, the BPF_TRAMP_F_ORIG_STACK flag will be configured, and arch_prepare_bpf_trampoline will be re-executed. At this time, because the pageattr of

Affected Packages (4 packages)

Linux | linux/linux_kernel | 6.0.0 | 6.0.19 | +1
Debian | linux/linux_kernel | < 6.1.7-1 | +2
CVEListV5 | linux/linux | 00963a2e75a872e5fce4d0115ac2786ec86b57a6 | d9d383cbf812a3b4094c089aa5f5d41a3bb4531d | +3
debian | debian/linux | < linux 6.1.7-1 (bookworm)

Vulnerability Details (3)

GHSA: GHSA-6vvj-xcv2-hwp4: In the Linux kernel, the following vulnerability has been resolved: bpf: Fix panic due to wrong pageattr of im->image In the scenario where livepatc (2025-12-09)
OSV: CVE-2022-50654: In the Linux kernel, the following vulnerability has been resolved: bpf: Fix panic due to wrong pageattr of im->image In the scenario where livepatch (2025-12-09)
OSV: bpf: Fix panic due to wrong pageattr of im->image (2025-12-09)

Vendor Advisories (2)

Red Hat: kernel: bpf: Fix panic due to wrong pageattr of im->image (2025-12-09)
Debian: CVE-2022-50654: linux - In the Linux kernel, the following vulnerability has been resolved: bpf: Fix pa... (2022)