CVE-2022-50167
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf: fix potential 32-bit overflow when accessing ARRAY map element
If BPF array map is bigger than 4GB, element pointer calculation can overflow because both index and elem_size are u32. Fix this everywhere by forcing 64-bit multiplication. Extract this formula into separate small helper and use it consistently in various places.
Speculative-preventing formula utilizing index_mask trick is left as is, but explicit u64 casts are added in both places.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | c85d69135a9175c50a823d04d62d932312d037b3 < 063e092534d4c6785228e5b1eb6e9329f66ccbe4 | affected |
| Linux | Linux | c85d69135a9175c50a823d04d62d932312d037b3 < 3c7256b880b3a5aa1895fd169a34aa4224a11862 | affected |
| Linux | Linux | c85d69135a9175c50a823d04d62d932312d037b3 < 87ac0d600943994444e24382a87aa19acc4cd3d4 | affected |
| Linux | Linux | 5.3 | affected |
| Linux | Linux | 0 < 5.3 | unaffected |
| Linux | Linux | 5.18.18 <= 5.18.* | unaffected |
| Linux | Linux | 5.19.2 <= 5.19.* | unaffected |
| Linux | Linux | 6.0 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/063e092534d4c6785228e5b1eb6e9329f66ccbe4
- https://git.kernel.org/stable/c/3c7256b880b3a5aa1895fd169a34aa4224a11862
- https://git.kernel.org/stable/c/87ac0d600943994444e24382a87aa19acc4cd3d4
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.