{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-49877", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-05-01T14:05:17.238Z", "datePublished": "2025-05-01T14:10:25.682Z", "dateUpdated": "2025-05-04T12:45:20.880Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T12:45:20.880Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix the sk->sk_forward_alloc warning of sk_stream_kill_queues\n\nWhen running `test_sockmap` selftests, the following warning appears:\n\n WARNING: CPU: 2 PID: 197 at net/core/stream.c:205 sk_stream_kill_queues+0xd3/0xf0\n Call Trace:\n <TASK>\n inet_csk_destroy_sock+0x55/0x110\n tcp_rcv_state_process+0xd28/0x1380\n ? tcp_v4_do_rcv+0x77/0x2c0\n tcp_v4_do_rcv+0x77/0x2c0\n __release_sock+0x106/0x130\n __tcp_close+0x1a7/0x4e0\n tcp_close+0x20/0x70\n inet_release+0x3c/0x80\n __sock_release+0x3a/0xb0\n sock_close+0x14/0x20\n __fput+0xa3/0x260\n task_work_run+0x59/0xb0\n exit_to_user_mode_prepare+0x1b3/0x1c0\n syscall_exit_to_user_mode+0x19/0x50\n do_syscall_64+0x48/0x90\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nThe root case is in commit 84472b436e76 (\"bpf, sockmap: Fix more uncharged\nwhile msg has more_data\"), where I used msg->sg.size to replace the tosend,\ncausing breakage:\n\n if (msg->apply_bytes && msg->apply_bytes < tosend)\n tosend = psock->apply_bytes;"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv4/tcp_bpf.c"], "versions": [{"version": "244ce90c8d0bd10ebf957da02c6f3fcd5d920bdf", "lessThan": "d975bec1eaeb52341acc9273db79ddb078220399", "status": "affected", "versionType": "git"}, {"version": "7b812a369e6416ab06d83cdd39d8e3f752781dd0", "lessThan": "cc21dc48a78cc9e5af9a4d039cd456446a6e73ff", "status": "affected", "versionType": "git"}, {"version": "168ff181f5b6e7fce684c98a30d35da1dbf8f82a", "lessThan": "95adbd2ac8de82e43fd6b347e7e1b47f74dc1abb", "status": "affected", "versionType": "git"}, {"version": "84472b436e760ba439e1969a9e3c5ae7c86de39d", "lessThan": "14e8bc3bf7bd6af64d7538a0684c8238d96cdfd7", "status": "affected", "versionType": "git"}, {"version": "84472b436e760ba439e1969a9e3c5ae7c86de39d", "lessThan": "8ec95b94716a1e4d126edc3fb2bc426a717e2dba", "status": "affected", "versionType": "git"}, {"version": "87d532d41ef937e16f61b3d2094f3a2ac49be365", "status": "affected", "versionType": "git"}, {"version": "abb4caa477a5450817d2aa1198edce66450aecf8", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv4/tcp_bpf.c"], "versions": [{"version": "5.18", "status": "affected"}, {"version": "0", "lessThan": "5.18", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.225", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.155", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.79", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.0.9", "lessThanOrEqual": "6.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4.189", "versionEndExcluding": "5.4.225"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10.110", "versionEndExcluding": "5.10.155"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15.33", "versionEndExcluding": "5.15.79"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.18", "versionEndExcluding": "6.0.9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.18", "versionEndExcluding": "6.1"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16.19"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.17.2"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/d975bec1eaeb52341acc9273db79ddb078220399"}, {"url": "https://git.kernel.org/stable/c/cc21dc48a78cc9e5af9a4d039cd456446a6e73ff"}, {"url": "https://git.kernel.org/stable/c/95adbd2ac8de82e43fd6b347e7e1b47f74dc1abb"}, {"url": "https://git.kernel.org/stable/c/14e8bc3bf7bd6af64d7538a0684c8238d96cdfd7"}, {"url": "https://git.kernel.org/stable/c/8ec95b94716a1e4d126edc3fb2bc426a717e2dba"}], "title": "bpf, sockmap: Fix the sk->sk_forward_alloc warning of sk_stream_kill_queues", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4ADF6FB5-602A-4872-B55D-F9122D1D9260", "versionEndExcluding": "5.4.225", "versionStartIncluding": "5.4.189", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DACD9290-F694-48EC-AFCB-DD75FEA46D93", "versionEndExcluding": "5.10.155", "versionStartIncluding": "5.10.110", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AEFAEE94-B60B-46E7-9F05-CFA1C8A6DCB8", "versionEndExcluding": "5.15.79", "versionStartIncluding": "5.15.33", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D4ED89FC-18EE-445F-8FE2-A2B6A5F9BB13", "versionEndExcluding": "5.17", "versionStartIncluding": "5.16.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8FD72C28-3B96-4150-B2B6-01C33CFFE955", "versionEndExcluding": "6.0.9", "versionStartIncluding": "5.17.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "E7E331DA-1FB0-4DEC-91AC-7DA69D461C11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "17F0B248-42CF-4AE6-A469-BB1BAE7F4705", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "E2422816-0C14-4B5E-A1E6-A9D776E5C49B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "1C6E00FE-5FB9-4D20-A1A1-5A32128F9B76", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix the sk->sk_forward_alloc warning of sk_stream_kill_queues\n\nWhen running `test_sockmap` selftests, the following warning appears:\n\n WARNING: CPU: 2 PID: 197 at net/core/stream.c:205 sk_stream_kill_queues+0xd3/0xf0\n Call Trace:\n <TASK>\n inet_csk_destroy_sock+0x55/0x110\n tcp_rcv_state_process+0xd28/0x1380\n ? tcp_v4_do_rcv+0x77/0x2c0\n tcp_v4_do_rcv+0x77/0x2c0\n __release_sock+0x106/0x130\n __tcp_close+0x1a7/0x4e0\n tcp_close+0x20/0x70\n inet_release+0x3c/0x80\n __sock_release+0x3a/0xb0\n sock_close+0x14/0x20\n __fput+0xa3/0x260\n task_work_run+0x59/0xb0\n exit_to_user_mode_prepare+0x1b3/0x1c0\n syscall_exit_to_user_mode+0x19/0x50\n do_syscall_64+0x48/0x90\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nThe root case is in commit 84472b436e76 (\"bpf, sockmap: Fix more uncharged\nwhile msg has more_data\"), where I used msg->sg.size to replace the tosend,\ncausing breakage:\n\n if (msg->apply_bytes && msg->apply_bytes < tosend)\n tosend = psock->apply_bytes;"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf, sockmap: corrige la advertencia sk-&gt;sk_forward_alloc de sk_stream_kill_queues Al ejecutar las pruebas autom\u00e1ticas `test_sockmap`, aparece la siguiente advertencia: ADVERTENCIA: CPU: 2 PID: 197 en net/core/stream.c:205 sk_stream_kill_queues+0xd3/0xf0 Seguimiento de llamadas: inet_csk_destroy_sock+0x55/0x110 tcp_rcv_state_process+0xd28/0x1380 ? tcp_v4_do_rcv+0x77/0x2c0 tcp_v4_do_rcv+0x77/0x2c0 __release_sock+0x106/0x130 __tcp_close+0x1a7/0x4e0 tcp_close+0x20/0x70 inet_release+0x3c/0x80 __sock_release+0x3a/0xb0 sock_close+0x14/0x20 __fput+0xa3/0x260 task_work_run+0x59/0xb0 exit_to_user_mode_prepare+0x1b3/0x1c0 syscall_exit_to_user_mode+0x19/0x50 do_syscall_64+0x48/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae El caso ra\u00edz est\u00e1 en el commit 84472b436e76 (\"bpf, sockmap: Arreglar m\u00e1s archivos no cargados mientras msg tiene more_data\"), donde utilic\u00e9 msg-&gt;sg.size para reemplazar tosend, lo que caus\u00f3 fallas: if (msg-&gt;apply_bytes &amp;&amp; msg-&gt;apply_bytes &lt; tosend) tosend = psock-&gt;apply_bytes;"}], "id": "CVE-2022-49877", "lastModified": "2025-11-10T21:05:50.070", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-05-01T15:16:12.653", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/14e8bc3bf7bd6af64d7538a0684c8238d96cdfd7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8ec95b94716a1e4d126edc3fb2bc426a717e2dba"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/95adbd2ac8de82e43fd6b347e7e1b47f74dc1abb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/cc21dc48a78cc9e5af9a4d039cd456446a6e73ff"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d975bec1eaeb52341acc9273db79ddb078220399"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: bpf, sockmap: Fix the sk->sk_forward_alloc warning of sk_stream_kill_queues", "id": "2363424", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363424"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nbpf, sockmap: Fix the sk->sk_forward_alloc warning of sk_stream_kill_queues\nWhen running `test_sockmap` selftests, the following warning appears:\nWARNING: CPU: 2 PID: 197 at net/core/stream.c:205 sk_stream_kill_queues+0xd3/0xf0\nCall Trace:\n<TASK>\ninet_csk_destroy_sock+0x55/0x110\ntcp_rcv_state_process+0xd28/0x1380\n? tcp_v4_do_rcv+0x77/0x2c0\ntcp_v4_do_rcv+0x77/0x2c0\n__release_sock+0x106/0x130\n__tcp_close+0x1a7/0x4e0\ntcp_close+0x20/0x70\ninet_release+0x3c/0x80\n__sock_release+0x3a/0xb0\nsock_close+0x14/0x20\n__fput+0xa3/0x260\ntask_work_run+0x59/0xb0\nexit_to_user_mode_prepare+0x1b3/0x1c0\nsyscall_exit_to_user_mode+0x19/0x50\ndo_syscall_64+0x48/0x90\nentry_SYSCALL_64_after_hwframe+0x44/0xae\nThe root case is in commit 84472b436e76 (\"bpf, sockmap: Fix more uncharged\nwhile msg has more_data\"), where I used msg->sg.size to replace the tosend,\ncausing breakage:\nif (msg->apply_bytes && msg->apply_bytes < tosend)\ntosend = psock->apply_bytes;"], "name": "CVE-2022-49877", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-05-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-49877\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49877\nhttps://lore.kernel.org/linux-cve-announce/2025050153-CVE-2022-49877-1f59@gregkh/T"], "statement": "A bug in the bpf, sockmap implementation was identified, where incorrect accounting of memory (using msg->sg.size instead of tosend) could lead to issues during sk_stream_kill_queues, triggering kernel warnings under test_sockmap. The issue stems from commit 84472b436e76. This bug may result in improper memory charging and unbalanced accounting in socket buffer operations, potentially triggering warnings or instability during socket teardown. The BPF disabled by default in Red Hat Enterprise Linux (and only admin can enable it).", "threat_severity": "Moderate"}

{"created": "2025-06-23T09:16:30.133055+00:00", "updated": "2025-06-23T09:16:30.133131+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}