CVE-2022-50883
Use-After-Free in Linux Kernel BPF decl_tag Argument Handling
Publication date: 2025-12-30
Last updated on: 2025-12-30
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
| linux | kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel involves the BPF (Berkeley Packet Filter) subsystem, specifically an issue where the 'decl_tag' was improperly referenced in function prototype arguments. It relates to a bug in the kernel's BPF type checking code that could be triggered by Syzkaller, a kernel fuzzing tool. The problem was fixed by preventing 'decl_tag' from being referenced in function prototype arguments, similar to a previous fix that prevented it from being referenced elsewhere.
How can this vulnerability impact me? :
The vulnerability could potentially allow malformed BPF programs to be loaded or executed improperly due to incorrect type checking in the kernel, which might lead to kernel instability or security issues. However, specific impacts such as privilege escalation or denial of service are not detailed in the provided information.