CVE-2022-50167

Published: Jun 18, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: fix potential 32-bit overflow when accessing ARRAY map element If BPF array map is bigger than 4GB, element pointer calculation can overflow because both index and elem_size are u32. Fix this everywhere by forcing 64-bit multiplication. Extract this formula into separate small helper and use it consistently in various places. Speculative-preventing formula utilizing index_mask trick is left as is, but explicit u64 casts are added in both places.

Vendor	Product	Versions
Linux	Linux	affected `c85d69135a9175c50a823d04d62d932312d037b3 - < 063e092534d4c6785228e5b1eb6e9329f66ccbe4` affected `c85d69135a9175c50a823d04d62d932312d037b3 - < 3c7256b880b3a5aa1895fd169a34aa4224a11862` affected `c85d69135a9175c50a823d04d62d932312d037b3 - < 87ac0d600943994444e24382a87aa19acc4cd3d4`
Linux	Linux	affected `5.3` unaffected `0 - < 5.3` unaffected `5.18.18 - <= 5.18.` unaffected `5.19.2 - <= 5.19.` unaffected `6.0 - <= *`

References

https://git.kernel.org/stable/c/063e092534d4c6785228e5b1eb6e9329f66ccbe4

https://git.kernel.org/stable/c/3c7256b880b3a5aa1895fd169a34aa4224a11862

https://git.kernel.org/stable/c/87ac0d600943994444e24382a87aa19acc4cd3d4

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-50167

Description

Affected Products

References