CVE-2022-50490
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2022-50490, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-10-04

Last updated on: 2026-03-25

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Propagate error from htab_lock_bucket() to userspace In __htab_map_lookup_and_delete_batch() if htab_lock_bucket() returns -EBUSY, it will go to next bucket. Going to next bucket may not only skip the elements in current bucket silently, but also incur out-of-bound memory access or expose kernel memory to userspace if current bucket_cnt is greater than bucket_size or zero. Fixing it by stopping batch operation and returning -EBUSY when htab_lock_bucket() fails, and the application can retry or skip the busy batch as needed.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-10-04
Last Modified
2026-03-25
Generated
2026-07-06
AI Q&A
2025-10-04
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability occurs in the Linux kernel's BPF subsystem, specifically in the function __htab_map_lookup_and_delete_batch(). When the function htab_lock_bucket() returns an -EBUSY error, the code incorrectly proceeds to the next bucket, which can silently skip elements in the current bucket. This behavior may lead to out-of-bound memory access or expose kernel memory to userspace if the current bucket count is greater than the bucket size or zero. The fix involves stopping the batch operation and returning -EBUSY when htab_lock_bucket() fails, allowing the application to retry or skip the busy batch as needed.

Impact Analysis

This vulnerability can impact you by potentially exposing kernel memory to userspace, which could lead to information disclosure or memory corruption. Additionally, out-of-bound memory access could cause system instability or crashes, affecting system reliability and security.

Mitigation Strategies

Apply the patch or update to a Linux kernel version that includes the fix for this vulnerability, which stops batch operations and returns -EBUSY when htab_lock_bucket() fails. This prevents out-of-bound memory access and exposure of kernel memory to userspace. Until then, avoid running untrusted BPF programs that may trigger this issue.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2022-50490. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart