CVE-2022-50167
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-50167
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50167.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-50167
- Downstream
- Published
- 2025-06-18T11:03:20Z
- Modified
- 2025-10-21T12:10:52.175980Z
- Summary
- bpf: fix potential 32-bit overflow when accessing ARRAY map element
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
bpf: fix potential 32-bit overflow when accessing ARRAY map element
If BPF array map is bigger than 4GB, element pointer calculation can overflow because both index and elem_size are u32. Fix this everywhere by forcing 64-bit multiplication. Extract this formula into separate small helper and use it consistently in various places.
Speculative-preventing formula utilizing index_mask trick is left as is, but explicit u64 casts are added in both places.
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedc85d69135a9175c50a823d04d62d932312d037b3Fixed063e092534d4c6785228e5b1eb6e9329f66ccbe4
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedc85d69135a9175c50a823d04d62d932312d037b3Fixed3c7256b880b3a5aa1895fd169a34aa4224a11862
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedc85d69135a9175c50a823d04d62d932312d037b3Fixed87ac0d600943994444e24382a87aa19acc4cd3d4
Affected versions
v5.*
v5.10
v5.10-rc1
v5.10-rc2
v5.10-rc3
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.18.1
v5.18.10
v5.18.11
v5.18.12
v5.18.13
v5.18.14
v5.18.15
v5.18.16
v5.18.17
v5.18.2
v5.18.3
v5.18.4
v5.18.5
v5.18.6
v5.18.7
v5.18.8
v5.18.9
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v5.19.1
v5.2
v5.2-rc2
v5.2-rc3
v5.2-rc4
v5.2-rc5
v5.2-rc6
v5.2-rc7
v5.3
v5.3-rc1
v5.3-rc2
v5.3-rc3
v5.3-rc4
v5.3-rc5
v5.3-rc6
v5.3-rc7
v5.3-rc8
v5.4
v5.4-rc1
v5.4-rc2
v5.4-rc3
v5.4-rc4
v5.4-rc5
v5.4-rc6
v5.4-rc7
v5.4-rc8
v5.5
v5.5-rc1
v5.5-rc2
v5.5-rc3
v5.5-rc4
v5.5-rc5
v5.5-rc6
v5.5-rc7
v5.6
v5.6-rc1
v5.6-rc2
v5.6-rc3
v5.6-rc4
v5.6-rc5
v5.6-rc6
v5.6-rc7
v5.7
v5.7-rc1
v5.7-rc2
v5.7-rc3
v5.7-rc4
v5.7-rc5
v5.7-rc6
v5.7-rc7
v5.8
v5.8-rc1
v5.8-rc2
v5.8-rc3
v5.8-rc4
v5.8-rc5
v5.8-rc6
v5.8-rc7
v5.9
v5.9-rc1
v5.9-rc2
v5.9-rc3
v5.9-rc4
v5.9-rc5
v5.9-rc6
v5.9-rc7
v5.9-rc8
Database specific
vanir_signatures
[
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@063e092534d4c6785228e5b1eb6e9329f66ccbe4",
"target": {
"function": "array_map_update_elem",
"file": "kernel/bpf/arraymap.c"
},
"id": "CVE-2022-50167-0afe1ed6",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "123392383068366731216273487604743305165",
"length": 907.0
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@87ac0d600943994444e24382a87aa19acc4cd3d4",
"target": {
"function": "array_map_lookup_elem",
"file": "kernel/bpf/arraymap.c"
},
"id": "CVE-2022-50167-101e9983",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "259433417690479640747873309536719481305",
"length": 321.0
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@87ac0d600943994444e24382a87aa19acc4cd3d4",
"target": {
"function": "bpf_array_map_seq_start",
"file": "kernel/bpf/arraymap.c"
},
"id": "CVE-2022-50167-1a8de084",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "183938619525575358780019720614393228785",
"length": 424.0
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@063e092534d4c6785228e5b1eb6e9329f66ccbe4",
"target": {
"file": "kernel/bpf/arraymap.c"
},
"id": "CVE-2022-50167-2028255c",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"105564852361113332106977182293074780408",
"196537601790818970690808096062327864548",
"114809296289913070087460565554956847454",
"180576442498551062722482318084266661974",
"224997787711504467947952952825032897188",
"44228231027612317372684672604380976470",
"213225674834690421793691948977476439712",
"74582578967791782239987547420097661861",
"196104177430858657803883025461558625974",
"18257511747492446634745976929009579845",
"59370571231996346184764389847870592632",
"60109161057393366438064238181354928612",
"32602807228488887408921487887539804883",
"148619567992250369000471992214196679604",
"175940267259621380057978525703765290682",
"46567488068152179473670629998175211752",
"198588191644867980623455022697235986625",
"266395432069033027607612576586298311305",
"219355999508580405322927907977077285316",
"141412862176343550576384442832453252525",
"176125408614959741341104708622029096115",
"182963603549092629650984064129603303384",
"222727954167579664275340378096842276591",
"81027186659807981659324958687740364513",
"176125408614959741341104708622029096115",
"182963603549092629650984064129603303384",
"301110823617223324377338256077484337213",
"53897401462879935218596059146152534012",
"61318219583118953149000387557671745175",
"163971205725856076579454430742241428361",
"129352751586452939614859433404111093852",
"289780201353361572013104908851948283340"
],
"threshold": 0.9
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3c7256b880b3a5aa1895fd169a34aa4224a11862",
"target": {
"function": "bpf_for_each_array_elem",
"file": "kernel/bpf/arraymap.c"
},
"id": "CVE-2022-50167-3d94fd41",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "101651913336293333336750907798179698775",
"length": 712.0
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@063e092534d4c6785228e5b1eb6e9329f66ccbe4",
"target": {
"function": "array_map_free",
"file": "kernel/bpf/arraymap.c"
},
"id": "CVE-2022-50167-4d41a0f1",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "330646432429964466014550450903451031011",
"length": 506.0
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@87ac0d600943994444e24382a87aa19acc4cd3d4",
"target": {
"function": "array_map_update_elem",
"file": "kernel/bpf/arraymap.c"
},
"id": "CVE-2022-50167-66e1aa74",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "123392383068366731216273487604743305165",
"length": 907.0
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@063e092534d4c6785228e5b1eb6e9329f66ccbe4",
"target": {
"function": "bpf_for_each_array_elem",
"file": "kernel/bpf/arraymap.c"
},
"id": "CVE-2022-50167-6bea77d2",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "101651913336293333336750907798179698775",
"length": 712.0
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@87ac0d600943994444e24382a87aa19acc4cd3d4",
"target": {
"function": "array_map_free",
"file": "kernel/bpf/arraymap.c"
},
"id": "CVE-2022-50167-6d1855e9",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "330646432429964466014550450903451031011",
"length": 506.0
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@87ac0d600943994444e24382a87aa19acc4cd3d4",
"target": {
"file": "kernel/bpf/arraymap.c"
},
"id": "CVE-2022-50167-88e5335b",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"105564852361113332106977182293074780408",
"196537601790818970690808096062327864548",
"114809296289913070087460565554956847454",
"180576442498551062722482318084266661974",
"224997787711504467947952952825032897188",
"44228231027612317372684672604380976470",
"213225674834690421793691948977476439712",
"74582578967791782239987547420097661861",
"196104177430858657803883025461558625974",
"18257511747492446634745976929009579845",
"59370571231996346184764389847870592632",
"60109161057393366438064238181354928612",
"32602807228488887408921487887539804883",
"148619567992250369000471992214196679604",
"175940267259621380057978525703765290682",
"46567488068152179473670629998175211752",
"198588191644867980623455022697235986625",
"266395432069033027607612576586298311305",
"219355999508580405322927907977077285316",
"141412862176343550576384442832453252525",
"176125408614959741341104708622029096115",
"182963603549092629650984064129603303384",
"222727954167579664275340378096842276591",
"81027186659807981659324958687740364513",
"176125408614959741341104708622029096115",
"182963603549092629650984064129603303384",
"301110823617223324377338256077484337213",
"53897401462879935218596059146152534012",
"61318219583118953149000387557671745175",
"163971205725856076579454430742241428361",
"129352751586452939614859433404111093852",
"289780201353361572013104908851948283340"
],
"threshold": 0.9
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3c7256b880b3a5aa1895fd169a34aa4224a11862",
"target": {
"function": "array_map_free_timers",
"file": "kernel/bpf/arraymap.c"
},
"id": "CVE-2022-50167-92ba2b40",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "43724790543197564854644562466867495262",
"length": 311.0
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@063e092534d4c6785228e5b1eb6e9329f66ccbe4",
"target": {
"function": "bpf_array_map_seq_next",
"file": "kernel/bpf/arraymap.c"
},
"id": "CVE-2022-50167-9bbd2058",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "214974958855900840971869257816353488616",
"length": 436.0
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3c7256b880b3a5aa1895fd169a34aa4224a11862",
"target": {
"function": "bpf_array_map_seq_next",
"file": "kernel/bpf/arraymap.c"
},
"id": "CVE-2022-50167-a4cbf4a4",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "214974958855900840971869257816353488616",
"length": 436.0
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@87ac0d600943994444e24382a87aa19acc4cd3d4",
"target": {
"function": "array_map_free_timers",
"file": "kernel/bpf/arraymap.c"
},
"id": "CVE-2022-50167-a5cbb8fc",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "43724790543197564854644562466867495262",
"length": 311.0
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3c7256b880b3a5aa1895fd169a34aa4224a11862",
"target": {
"function": "array_map_update_elem",
"file": "kernel/bpf/arraymap.c"
},
"id": "CVE-2022-50167-b24a3c2f",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "123392383068366731216273487604743305165",
"length": 907.0
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3c7256b880b3a5aa1895fd169a34aa4224a11862",
"target": {
"function": "array_map_lookup_elem",
"file": "kernel/bpf/arraymap.c"
},
"id": "CVE-2022-50167-b308f2bd",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "259433417690479640747873309536719481305",
"length": 321.0
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3c7256b880b3a5aa1895fd169a34aa4224a11862",
"target": {
"file": "kernel/bpf/arraymap.c"
},
"id": "CVE-2022-50167-c3e42235",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"105564852361113332106977182293074780408",
"196537601790818970690808096062327864548",
"114809296289913070087460565554956847454",
"180576442498551062722482318084266661974",
"224997787711504467947952952825032897188",
"44228231027612317372684672604380976470",
"213225674834690421793691948977476439712",
"74582578967791782239987547420097661861",
"196104177430858657803883025461558625974",
"18257511747492446634745976929009579845",
"59370571231996346184764389847870592632",
"60109161057393366438064238181354928612",
"32602807228488887408921487887539804883",
"148619567992250369000471992214196679604",
"175940267259621380057978525703765290682",
"46567488068152179473670629998175211752",
"198588191644867980623455022697235986625",
"266395432069033027607612576586298311305",
"219355999508580405322927907977077285316",
"141412862176343550576384442832453252525",
"176125408614959741341104708622029096115",
"182963603549092629650984064129603303384",
"222727954167579664275340378096842276591",
"81027186659807981659324958687740364513",
"176125408614959741341104708622029096115",
"182963603549092629650984064129603303384",
"301110823617223324377338256077484337213",
"53897401462879935218596059146152534012",
"61318219583118953149000387557671745175",
"163971205725856076579454430742241428361",
"129352751586452939614859433404111093852",
"289780201353361572013104908851948283340"
],
"threshold": 0.9
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3c7256b880b3a5aa1895fd169a34aa4224a11862",
"target": {
"function": "array_map_free",
"file": "kernel/bpf/arraymap.c"
},
"id": "CVE-2022-50167-cea5a5b8",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "330646432429964466014550450903451031011",
"length": 506.0
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@063e092534d4c6785228e5b1eb6e9329f66ccbe4",
"target": {
"function": "array_map_free_timers",
"file": "kernel/bpf/arraymap.c"
},
"id": "CVE-2022-50167-d5b9920f",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "43724790543197564854644562466867495262",
"length": 311.0
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3c7256b880b3a5aa1895fd169a34aa4224a11862",
"target": {
"function": "bpf_array_map_seq_start",
"file": "kernel/bpf/arraymap.c"
},
"id": "CVE-2022-50167-dd9cdf69",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "183938619525575358780019720614393228785",
"length": 424.0
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@87ac0d600943994444e24382a87aa19acc4cd3d4",
"target": {
"function": "bpf_for_each_array_elem",
"file": "kernel/bpf/arraymap.c"
},
"id": "CVE-2022-50167-e3879226",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "101651913336293333336750907798179698775",
"length": 712.0
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@063e092534d4c6785228e5b1eb6e9329f66ccbe4",
"target": {
"function": "bpf_array_map_seq_start",
"file": "kernel/bpf/arraymap.c"
},
"id": "CVE-2022-50167-e82ae9bf",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "183938619525575358780019720614393228785",
"length": 424.0
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@063e092534d4c6785228e5b1eb6e9329f66ccbe4",
"target": {
"function": "array_map_lookup_elem",
"file": "kernel/bpf/arraymap.c"
},
"id": "CVE-2022-50167-e8f55f7c",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "259433417690479640747873309536719481305",
"length": 321.0
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@87ac0d600943994444e24382a87aa19acc4cd3d4",
"target": {
"function": "bpf_array_map_seq_next",
"file": "kernel/bpf/arraymap.c"
},
"id": "CVE-2022-50167-f2af399e",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "214974958855900840971869257816353488616",
"length": 436.0
}
}
]