{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2022-50865", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-12-30T12:06:07.136Z", "datePublished": "2025-12-30T12:15:37.150Z", "dateUpdated": "2025-12-30T12:15:37.150Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-12-30T12:15:37.150Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: fix a signed-integer-overflow bug in tcp_add_backlog()\n\nThe type of sk_rcvbuf and sk_sndbuf in struct sock is int, and\nin tcp_add_backlog(), the variable limit is caculated by adding\nsk_rcvbuf, sk_sndbuf and 64 * 1024, it may exceed the max value\nof int and overflow. This patch reduces the limit budget by\nhalving the sndbuf to solve this issue since ACK packets are much\nsmaller than the payload."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv4/tcp_ipv4.c"], "versions": [{"version": "c9c3321257e1b95be9b375f811fb250162af8d39", "lessThan": "9d04b4d0feee12bce6bfe37f30d8e953d3c30368", "status": "affected", "versionType": "git"}, {"version": "c9c3321257e1b95be9b375f811fb250162af8d39", "lessThan": "4f23cb2be530785db284a685d1b1c30224d8a538", "status": "affected", "versionType": "git"}, {"version": "c9c3321257e1b95be9b375f811fb250162af8d39", "lessThan": "a85d39f14aa8a71e29cfb5eb5de02878a8779898", "status": "affected", "versionType": "git"}, {"version": "c9c3321257e1b95be9b375f811fb250162af8d39", "lessThan": "28addf029417d53b1df062b4c87feb7bc033cb5f", "status": "affected", "versionType": "git"}, {"version": "c9c3321257e1b95be9b375f811fb250162af8d39", "lessThan": "ec791d8149ff60c40ad2074af3b92a39c916a03f", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv4/tcp_ipv4.c"], "versions": [{"version": "4.9", "status": "affected"}, {"version": "0", "lessThan": "4.9", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.278", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.153", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.77", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.0.7", "lessThanOrEqual": "6.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.9", "versionEndExcluding": "5.4.278"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.9", "versionEndExcluding": "5.10.153"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.9", "versionEndExcluding": "5.15.77"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.9", "versionEndExcluding": "6.0.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.9", "versionEndExcluding": "6.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/9d04b4d0feee12bce6bfe37f30d8e953d3c30368"}, {"url": "https://git.kernel.org/stable/c/4f23cb2be530785db284a685d1b1c30224d8a538"}, {"url": "https://git.kernel.org/stable/c/a85d39f14aa8a71e29cfb5eb5de02878a8779898"}, {"url": "https://git.kernel.org/stable/c/28addf029417d53b1df062b4c87feb7bc033cb5f"}, {"url": "https://git.kernel.org/stable/c/ec791d8149ff60c40ad2074af3b92a39c916a03f"}], "title": "tcp: fix a signed-integer-overflow bug in tcp_add_backlog()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: fix a signed-integer-overflow bug in tcp_add_backlog()\n\nThe type of sk_rcvbuf and sk_sndbuf in struct sock is int, and\nin tcp_add_backlog(), the variable limit is caculated by adding\nsk_rcvbuf, sk_sndbuf and 64 * 1024, it may exceed the max value\nof int and overflow. This patch reduces the limit budget by\nhalving the sndbuf to solve this issue since ACK packets are much\nsmaller than the payload."}], "id": "CVE-2022-50865", "lastModified": "2025-12-30T13:16:01.317", "metrics": {}, "published": "2025-12-30T13:16:01.317", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/28addf029417d53b1df062b4c87feb7bc033cb5f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4f23cb2be530785db284a685d1b1c30224d8a538"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9d04b4d0feee12bce6bfe37f30d8e953d3c30368"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a85d39f14aa8a71e29cfb5eb5de02878a8779898"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ec791d8149ff60c40ad2074af3b92a39c916a03f"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{}

{}