-

CVE-2022-50865

EPSS 0.04%
Veröffentlicht 30.12.2025 12:15:37
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

tcp: fix a signed-integer-overflow bug in tcp_add_backlog()

In the Linux kernel, the following vulnerability has been resolved:

tcp: fix a signed-integer-overflow bug in tcp_add_backlog()

The type of sk_rcvbuf and sk_sndbuf in struct sock is int, and
in tcp_add_backlog(), the variable limit is caculated by adding
sk_rcvbuf, sk_sndbuf and 64 * 1024, it may exceed the max value
of int and overflow. This patch reduces the limit budget by
halving the sndbuf to solve this issue since ACK packets are much
smaller than the payload.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 8

CNA 2 VulnDex Vulnerability Enrichment 9

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version c9c3321257e1b95be9b375f811fb250162af8d39

Version < 9d04b4d0feee12bce6bfe37f30d8e953d3c30368

Status affected

Version c9c3321257e1b95be9b375f811fb250162af8d39

Version < 4f23cb2be530785db284a685d1b1c30224d8a538

Status affected

Version c9c3321257e1b95be9b375f811fb250162af8d39

Version < a85d39f14aa8a71e29cfb5eb5de02878a8779898

Status affected

Version c9c3321257e1b95be9b375f811fb250162af8d39

Version < 28addf029417d53b1df062b4c87feb7bc033cb5f

Status affected

Version c9c3321257e1b95be9b375f811fb250162af8d39

Version < ec791d8149ff60c40ad2074af3b92a39c916a03f

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 4.9

Status affected

Version 0

Version < 4.9

Status unaffected

Version <= 5.4.*

Version 5.4.278

Status unaffected

Version <= 5.10.*

Version 5.10.153

Status unaffected

Version <= 5.15.*

Version 5.15.77

Status unaffected

Version <= 6.0.*

Version 6.0.7

Status unaffected

Version <= *

Version 6.1

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.101

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/9d04b4d0feee12bce6bfe37f30d8e953d3c30368

https://git.kernel.org/stable/c/4f23cb2be530785db284a685d1b1c30224d8a538

https://git.kernel.org/stable/c/a85d39f14aa8a71e29cfb5eb5de02878a8779898

https://git.kernel.org/stable/c/28addf029417d53b1df062b4c87feb7bc033cb5f

https://git.kernel.org/stable/c/ec791d8149ff60c40ad2074af3b92a39c916a03f

https://nvd.nist.gov/vuln/detail/CVE-2022-50865

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50865

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50865

EUVD