-

CVE-2022-50865

EPSS 0.03%
Veröffentlicht 30.12.2025 12:15:37
Zuletzt bearbeitet 31.12.2025 20:43:05
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

tcp: fix a signed-integer-overflow bug in tcp_add_backlog()

The type of sk_rcvbuf and sk_sndbuf in struct sock is int, and
in tcp_add_backlog(), the variable limit is caculated by adding
sk_rcvbuf, sk_sndbuf and 64 * 1024, it may exceed the max value
of int and overflow. This patch reduces the limit budget by
halving the sndbuf to solve this issue since ACK packets are much
smaller than the payload.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 9d04b4d0feee12bce6bfe37f30d8e953d3c30368

Version c9c3321257e1b95be9b375f811fb250162af8d39

Status affected

Version < 4f23cb2be530785db284a685d1b1c30224d8a538

Version c9c3321257e1b95be9b375f811fb250162af8d39

Status affected

Version < a85d39f14aa8a71e29cfb5eb5de02878a8779898

Version c9c3321257e1b95be9b375f811fb250162af8d39

Status affected

Version < 28addf029417d53b1df062b4c87feb7bc033cb5f

Version c9c3321257e1b95be9b375f811fb250162af8d39

Status affected

Version < ec791d8149ff60c40ad2074af3b92a39c916a03f

Version c9c3321257e1b95be9b375f811fb250162af8d39

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 4.9

Status affected

Version < 4.9

Version 0

Status unaffected

Version <= 5.4.*

Version 5.4.278

Status unaffected

Version <= 5.10.*

Version 5.10.153

Status unaffected

Version <= 5.15.*

Version 5.15.77

Status unaffected

Version <= 6.0.*

Version 6.0.7

Status unaffected

Version <= *

Version 6.1

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.065

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/9d04b4d0feee12bce6bfe37f30d8e953d3c30368

https://git.kernel.org/stable/c/4f23cb2be530785db284a685d1b1c30224d8a538

https://git.kernel.org/stable/c/a85d39f14aa8a71e29cfb5eb5de02878a8779898

https://git.kernel.org/stable/c/28addf029417d53b1df062b4c87feb7bc033cb5f

https://git.kernel.org/stable/c/ec791d8149ff60c40ad2074af3b92a39c916a03f

https://nvd.nist.gov/vuln/detail/CVE-2022-50865

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50865

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50865

EUVD