CVE-2022-50865

The type of skrcvbuf and sksndbuf in struct sock is int, and in tcpaddbacklog(), the variable limit is caculated by adding skrcvbuf, sksndbuf and 64 * 1024, it may exceed the max value of int and overflow. This patch reduces the limit budget by halving the sndbuf to solve this issue since ACK packets are much smaller than the payload.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50865.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

c9c3321257e1b95be9b375f811fb250162af8d39

Fixed

9d04b4d0feee12bce6bfe37f30d8e953d3c30368

Fixed

4f23cb2be530785db284a685d1b1c30224d8a538

Fixed

a85d39f14aa8a71e29cfb5eb5de02878a8779898

Fixed

28addf029417d53b1df062b4c87feb7bc033cb5f

Fixed

ec791d8149ff60c40ad2074af3b92a39c916a03f

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50865.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.9.0

Fixed

5.4.278

Type: ECOSYSTEM
Events: Introduced

5.5.0

Fixed

5.10.153

Type: ECOSYSTEM
Events: Introduced

5.11.0

Fixed

5.15.77

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

6.0.7

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50865.json"