CVE-2022-50883

EPSS 0.03%
Veröffentlicht 30.12.2025 12:23:21
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

bpf: Prevent decl_tag from being referenced in func_proto arg

In the Linux kernel, the following vulnerability has been resolved:

bpf: Prevent decl_tag from being referenced in func_proto arg

Syzkaller managed to hit another decl_tag issue:

  btf_func_proto_check kernel/bpf/btf.c:4506 [inline]
  btf_check_all_types kernel/bpf/btf.c:4734 [inline]
  btf_parse_type_sec+0x1175/0x1980 kernel/bpf/btf.c:4763
  btf_parse kernel/bpf/btf.c:5042 [inline]
  btf_new_fd+0x65a/0xb00 kernel/bpf/btf.c:6709
  bpf_btf_load+0x6f/0x90 kernel/bpf/syscall.c:4342
  __sys_bpf+0x50a/0x6c0 kernel/bpf/syscall.c:5034
  __do_sys_bpf kernel/bpf/syscall.c:5093 [inline]
  __se_sys_bpf kernel/bpf/syscall.c:5091 [inline]
  __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5091
  do_syscall_64+0x54/0x70 arch/x86/entry/common.c:48

This seems similar to commit ea68376c8bed ("bpf: prevent decl_tag from being
referenced in func_proto") but for the argument.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

CNA 2 VulnDex Vulnerability Enrichment 11

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version b5ea834dde6b6e7f75e51d5f66dac8cd7c97b5ef

Version < 3f3d54962a032581996edda8e6bcbf7a30371234

Status affected

Version b5ea834dde6b6e7f75e51d5f66dac8cd7c97b5ef

Version < e6d276dcc9204f95632580c43d66c52ca502d7ec

Status affected

Version b5ea834dde6b6e7f75e51d5f66dac8cd7c97b5ef

Version < f17472d4599697d701aa239b4c475a506bccfd19

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.16

Status affected

Version 0

Version < 5.16

Status unaffected

Version <= 6.0.*

Version 6.0.16

Status unaffected

Version <= 6.1.*

Version 6.1.2

Status unaffected

Version <= *

Version 6.2

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.092

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/3f3d54962a032581996edda8e6bcbf7a30371234

https://git.kernel.org/stable/c/e6d276dcc9204f95632580c43d66c52ca502d7ec

https://git.kernel.org/stable/c/f17472d4599697d701aa239b4c475a506bccfd19

https://nvd.nist.gov/vuln/detail/CVE-2022-50883

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50883

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50883

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-50883