CVE-2022-50862Improper Validation of Specified Type of Input in Linux

CWE-1287Improper Validation of Specified Type of Input7 documents6 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 92.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 30

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: prevent decl_tag from being referenced in func_proto Syzkaller was able to hit the following issue: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 3609 at kernel/bpf/btf.c:1946 btf_type_id_size+0x2d5/0x9d0 kernel/bpf/btf.c:1946 Modules linked in: CPU: 0 PID: 3609 Comm: syz-executor361 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Goog

Affected Packages4 packages

Linuxlinux/linux_kernel5.16.06.0.7
Debianlinux/linux_kernel< 6.0.7-1+2
CVEListV5linux/linuxbd16dee66ae4de3f1726c69ac901d2b7a53b0c86e9dbb4c539d058852b76937dcd7347d3f38054f2+2
debiandebian/linux< linux 6.0.7-1 (bookworm)

🔴Vulnerability Details

3
OSV
bpf: prevent decl_tag from being referenced in func_proto2025-12-30
OSV
CVE-2022-50862: In the Linux kernel, the following vulnerability has been resolved: bpf: prevent decl_tag from being referenced in func_proto Syzkaller was able to hi2025-12-30
GHSA
GHSA-f4wf-p3gv-292p: In the Linux kernel, the following vulnerability has been resolved: bpf: prevent decl_tag from being referenced in func_proto Syzkaller was able to2025-12-30

📋Vendor Advisories

2
Red Hat
kernel: bpf: prevent decl_tag from being referenced in func_proto2025-12-30
Debian
CVE-2022-50862: linux - In the Linux kernel, the following vulnerability has been resolved: bpf: preven...2022

🕵️Threat Intelligence

1
Wiz
CVE-2022-50862 Impact, Exploitability, and Mitigation Steps | Wiz