CVE-2022-50865
Signed Integer Overflow in Linux Kernel TCP Backlog Handling
Publication date: 2025-12-30
Last updated on: 2025-12-30
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability involves a signed-integer-overflow bug in the Linux kernel's tcp_add_backlog() function, which could potentially lead to incorrect handling of TCP backlog limits. This might cause unexpected behavior in network packet processing, possibly affecting system stability or network performance.
Can you explain this vulnerability to me?
This vulnerability is a signed-integer-overflow bug in the Linux kernel's tcp_add_backlog() function. It occurs because the variables sk_rcvbuf and sk_sndbuf, which are integers, are added together along with 64 * 1024 to calculate a limit. This sum can exceed the maximum value an int can hold, causing an overflow. The issue was fixed by reducing the limit budget by halving the sndbuf value, as ACK packets are smaller than the payload.