CVE-2022-50167

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-50167
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50167.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-50167
Downstream
Published
2025-06-18T11:03:20Z
Modified
2025-10-21T12:10:52.175980Z
Summary
bpf: fix potential 32-bit overflow when accessing ARRAY map element
Details

In the Linux kernel, the following vulnerability has been resolved:

bpf: fix potential 32-bit overflow when accessing ARRAY map element

If BPF array map is bigger than 4GB, element pointer calculation can overflow because both index and elem_size are u32. Fix this everywhere by forcing 64-bit multiplication. Extract this formula into separate small helper and use it consistently in various places.

Speculative-preventing formula utilizing index_mask trick is left as is, but explicit u64 casts are added in both places.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
c85d69135a9175c50a823d04d62d932312d037b3
Fixed
063e092534d4c6785228e5b1eb6e9329f66ccbe4
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
c85d69135a9175c50a823d04d62d932312d037b3
Fixed
3c7256b880b3a5aa1895fd169a34aa4224a11862
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
c85d69135a9175c50a823d04d62d932312d037b3
Fixed
87ac0d600943994444e24382a87aa19acc4cd3d4

Affected versions

v5.*

v5.10
v5.10-rc1
v5.10-rc2
v5.10-rc3
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.18.1
v5.18.10
v5.18.11
v5.18.12
v5.18.13
v5.18.14
v5.18.15
v5.18.16
v5.18.17
v5.18.2
v5.18.3
v5.18.4
v5.18.5
v5.18.6
v5.18.7
v5.18.8
v5.18.9
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v5.19.1
v5.2
v5.2-rc2
v5.2-rc3
v5.2-rc4
v5.2-rc5
v5.2-rc6
v5.2-rc7
v5.3
v5.3-rc1
v5.3-rc2
v5.3-rc3
v5.3-rc4
v5.3-rc5
v5.3-rc6
v5.3-rc7
v5.3-rc8
v5.4
v5.4-rc1
v5.4-rc2
v5.4-rc3
v5.4-rc4
v5.4-rc5
v5.4-rc6
v5.4-rc7
v5.4-rc8
v5.5
v5.5-rc1
v5.5-rc2
v5.5-rc3
v5.5-rc4
v5.5-rc5
v5.5-rc6
v5.5-rc7
v5.6
v5.6-rc1
v5.6-rc2
v5.6-rc3
v5.6-rc4
v5.6-rc5
v5.6-rc6
v5.6-rc7
v5.7
v5.7-rc1
v5.7-rc2
v5.7-rc3
v5.7-rc4
v5.7-rc5
v5.7-rc6
v5.7-rc7
v5.8
v5.8-rc1
v5.8-rc2
v5.8-rc3
v5.8-rc4
v5.8-rc5
v5.8-rc6
v5.8-rc7
v5.9
v5.9-rc1
v5.9-rc2
v5.9-rc3
v5.9-rc4
v5.9-rc5
v5.9-rc6
v5.9-rc7
v5.9-rc8

Database specific

vanir_signatures

[
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@063e092534d4c6785228e5b1eb6e9329f66ccbe4",
        "target": {
            "file": "kernel/bpf/arraymap.c",
            "function": "array_map_update_elem"
        },
        "id": "CVE-2022-50167-0afe1ed6",
        "signature_type": "Function",
        "digest": {
            "function_hash": "123392383068366731216273487604743305165",
            "length": 907.0
        },
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@87ac0d600943994444e24382a87aa19acc4cd3d4",
        "target": {
            "file": "kernel/bpf/arraymap.c",
            "function": "array_map_lookup_elem"
        },
        "id": "CVE-2022-50167-101e9983",
        "signature_type": "Function",
        "digest": {
            "function_hash": "259433417690479640747873309536719481305",
            "length": 321.0
        },
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@87ac0d600943994444e24382a87aa19acc4cd3d4",
        "target": {
            "file": "kernel/bpf/arraymap.c",
            "function": "bpf_array_map_seq_start"
        },
        "id": "CVE-2022-50167-1a8de084",
        "signature_type": "Function",
        "digest": {
            "function_hash": "183938619525575358780019720614393228785",
            "length": 424.0
        },
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@063e092534d4c6785228e5b1eb6e9329f66ccbe4",
        "target": {
            "file": "kernel/bpf/arraymap.c"
        },
        "id": "CVE-2022-50167-2028255c",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "105564852361113332106977182293074780408",
                "196537601790818970690808096062327864548",
                "114809296289913070087460565554956847454",
                "180576442498551062722482318084266661974",
                "224997787711504467947952952825032897188",
                "44228231027612317372684672604380976470",
                "213225674834690421793691948977476439712",
                "74582578967791782239987547420097661861",
                "196104177430858657803883025461558625974",
                "18257511747492446634745976929009579845",
                "59370571231996346184764389847870592632",
                "60109161057393366438064238181354928612",
                "32602807228488887408921487887539804883",
                "148619567992250369000471992214196679604",
                "175940267259621380057978525703765290682",
                "46567488068152179473670629998175211752",
                "198588191644867980623455022697235986625",
                "266395432069033027607612576586298311305",
                "219355999508580405322927907977077285316",
                "141412862176343550576384442832453252525",
                "176125408614959741341104708622029096115",
                "182963603549092629650984064129603303384",
                "222727954167579664275340378096842276591",
                "81027186659807981659324958687740364513",
                "176125408614959741341104708622029096115",
                "182963603549092629650984064129603303384",
                "301110823617223324377338256077484337213",
                "53897401462879935218596059146152534012",
                "61318219583118953149000387557671745175",
                "163971205725856076579454430742241428361",
                "129352751586452939614859433404111093852",
                "289780201353361572013104908851948283340"
            ]
        },
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3c7256b880b3a5aa1895fd169a34aa4224a11862",
        "target": {
            "file": "kernel/bpf/arraymap.c",
            "function": "bpf_for_each_array_elem"
        },
        "id": "CVE-2022-50167-3d94fd41",
        "signature_type": "Function",
        "digest": {
            "function_hash": "101651913336293333336750907798179698775",
            "length": 712.0
        },
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@063e092534d4c6785228e5b1eb6e9329f66ccbe4",
        "target": {
            "file": "kernel/bpf/arraymap.c",
            "function": "array_map_free"
        },
        "id": "CVE-2022-50167-4d41a0f1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "330646432429964466014550450903451031011",
            "length": 506.0
        },
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@87ac0d600943994444e24382a87aa19acc4cd3d4",
        "target": {
            "file": "kernel/bpf/arraymap.c",
            "function": "array_map_update_elem"
        },
        "id": "CVE-2022-50167-66e1aa74",
        "signature_type": "Function",
        "digest": {
            "function_hash": "123392383068366731216273487604743305165",
            "length": 907.0
        },
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@063e092534d4c6785228e5b1eb6e9329f66ccbe4",
        "target": {
            "file": "kernel/bpf/arraymap.c",
            "function": "bpf_for_each_array_elem"
        },
        "id": "CVE-2022-50167-6bea77d2",
        "signature_type": "Function",
        "digest": {
            "function_hash": "101651913336293333336750907798179698775",
            "length": 712.0
        },
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@87ac0d600943994444e24382a87aa19acc4cd3d4",
        "target": {
            "file": "kernel/bpf/arraymap.c",
            "function": "array_map_free"
        },
        "id": "CVE-2022-50167-6d1855e9",
        "signature_type": "Function",
        "digest": {
            "function_hash": "330646432429964466014550450903451031011",
            "length": 506.0
        },
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@87ac0d600943994444e24382a87aa19acc4cd3d4",
        "target": {
            "file": "kernel/bpf/arraymap.c"
        },
        "id": "CVE-2022-50167-88e5335b",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "105564852361113332106977182293074780408",
                "196537601790818970690808096062327864548",
                "114809296289913070087460565554956847454",
                "180576442498551062722482318084266661974",
                "224997787711504467947952952825032897188",
                "44228231027612317372684672604380976470",
                "213225674834690421793691948977476439712",
                "74582578967791782239987547420097661861",
                "196104177430858657803883025461558625974",
                "18257511747492446634745976929009579845",
                "59370571231996346184764389847870592632",
                "60109161057393366438064238181354928612",
                "32602807228488887408921487887539804883",
                "148619567992250369000471992214196679604",
                "175940267259621380057978525703765290682",
                "46567488068152179473670629998175211752",
                "198588191644867980623455022697235986625",
                "266395432069033027607612576586298311305",
                "219355999508580405322927907977077285316",
                "141412862176343550576384442832453252525",
                "176125408614959741341104708622029096115",
                "182963603549092629650984064129603303384",
                "222727954167579664275340378096842276591",
                "81027186659807981659324958687740364513",
                "176125408614959741341104708622029096115",
                "182963603549092629650984064129603303384",
                "301110823617223324377338256077484337213",
                "53897401462879935218596059146152534012",
                "61318219583118953149000387557671745175",
                "163971205725856076579454430742241428361",
                "129352751586452939614859433404111093852",
                "289780201353361572013104908851948283340"
            ]
        },
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3c7256b880b3a5aa1895fd169a34aa4224a11862",
        "target": {
            "file": "kernel/bpf/arraymap.c",
            "function": "array_map_free_timers"
        },
        "id": "CVE-2022-50167-92ba2b40",
        "signature_type": "Function",
        "digest": {
            "function_hash": "43724790543197564854644562466867495262",
            "length": 311.0
        },
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@063e092534d4c6785228e5b1eb6e9329f66ccbe4",
        "target": {
            "file": "kernel/bpf/arraymap.c",
            "function": "bpf_array_map_seq_next"
        },
        "id": "CVE-2022-50167-9bbd2058",
        "signature_type": "Function",
        "digest": {
            "function_hash": "214974958855900840971869257816353488616",
            "length": 436.0
        },
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3c7256b880b3a5aa1895fd169a34aa4224a11862",
        "target": {
            "file": "kernel/bpf/arraymap.c",
            "function": "bpf_array_map_seq_next"
        },
        "id": "CVE-2022-50167-a4cbf4a4",
        "signature_type": "Function",
        "digest": {
            "function_hash": "214974958855900840971869257816353488616",
            "length": 436.0
        },
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@87ac0d600943994444e24382a87aa19acc4cd3d4",
        "target": {
            "file": "kernel/bpf/arraymap.c",
            "function": "array_map_free_timers"
        },
        "id": "CVE-2022-50167-a5cbb8fc",
        "signature_type": "Function",
        "digest": {
            "function_hash": "43724790543197564854644562466867495262",
            "length": 311.0
        },
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3c7256b880b3a5aa1895fd169a34aa4224a11862",
        "target": {
            "file": "kernel/bpf/arraymap.c",
            "function": "array_map_update_elem"
        },
        "id": "CVE-2022-50167-b24a3c2f",
        "signature_type": "Function",
        "digest": {
            "function_hash": "123392383068366731216273487604743305165",
            "length": 907.0
        },
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3c7256b880b3a5aa1895fd169a34aa4224a11862",
        "target": {
            "file": "kernel/bpf/arraymap.c",
            "function": "array_map_lookup_elem"
        },
        "id": "CVE-2022-50167-b308f2bd",
        "signature_type": "Function",
        "digest": {
            "function_hash": "259433417690479640747873309536719481305",
            "length": 321.0
        },
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3c7256b880b3a5aa1895fd169a34aa4224a11862",
        "target": {
            "file": "kernel/bpf/arraymap.c"
        },
        "id": "CVE-2022-50167-c3e42235",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "105564852361113332106977182293074780408",
                "196537601790818970690808096062327864548",
                "114809296289913070087460565554956847454",
                "180576442498551062722482318084266661974",
                "224997787711504467947952952825032897188",
                "44228231027612317372684672604380976470",
                "213225674834690421793691948977476439712",
                "74582578967791782239987547420097661861",
                "196104177430858657803883025461558625974",
                "18257511747492446634745976929009579845",
                "59370571231996346184764389847870592632",
                "60109161057393366438064238181354928612",
                "32602807228488887408921487887539804883",
                "148619567992250369000471992214196679604",
                "175940267259621380057978525703765290682",
                "46567488068152179473670629998175211752",
                "198588191644867980623455022697235986625",
                "266395432069033027607612576586298311305",
                "219355999508580405322927907977077285316",
                "141412862176343550576384442832453252525",
                "176125408614959741341104708622029096115",
                "182963603549092629650984064129603303384",
                "222727954167579664275340378096842276591",
                "81027186659807981659324958687740364513",
                "176125408614959741341104708622029096115",
                "182963603549092629650984064129603303384",
                "301110823617223324377338256077484337213",
                "53897401462879935218596059146152534012",
                "61318219583118953149000387557671745175",
                "163971205725856076579454430742241428361",
                "129352751586452939614859433404111093852",
                "289780201353361572013104908851948283340"
            ]
        },
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3c7256b880b3a5aa1895fd169a34aa4224a11862",
        "target": {
            "file": "kernel/bpf/arraymap.c",
            "function": "array_map_free"
        },
        "id": "CVE-2022-50167-cea5a5b8",
        "signature_type": "Function",
        "digest": {
            "function_hash": "330646432429964466014550450903451031011",
            "length": 506.0
        },
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@063e092534d4c6785228e5b1eb6e9329f66ccbe4",
        "target": {
            "file": "kernel/bpf/arraymap.c",
            "function": "array_map_free_timers"
        },
        "id": "CVE-2022-50167-d5b9920f",
        "signature_type": "Function",
        "digest": {
            "function_hash": "43724790543197564854644562466867495262",
            "length": 311.0
        },
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3c7256b880b3a5aa1895fd169a34aa4224a11862",
        "target": {
            "file": "kernel/bpf/arraymap.c",
            "function": "bpf_array_map_seq_start"
        },
        "id": "CVE-2022-50167-dd9cdf69",
        "signature_type": "Function",
        "digest": {
            "function_hash": "183938619525575358780019720614393228785",
            "length": 424.0
        },
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@87ac0d600943994444e24382a87aa19acc4cd3d4",
        "target": {
            "file": "kernel/bpf/arraymap.c",
            "function": "bpf_for_each_array_elem"
        },
        "id": "CVE-2022-50167-e3879226",
        "signature_type": "Function",
        "digest": {
            "function_hash": "101651913336293333336750907798179698775",
            "length": 712.0
        },
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@063e092534d4c6785228e5b1eb6e9329f66ccbe4",
        "target": {
            "file": "kernel/bpf/arraymap.c",
            "function": "bpf_array_map_seq_start"
        },
        "id": "CVE-2022-50167-e82ae9bf",
        "signature_type": "Function",
        "digest": {
            "function_hash": "183938619525575358780019720614393228785",
            "length": 424.0
        },
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@063e092534d4c6785228e5b1eb6e9329f66ccbe4",
        "target": {
            "file": "kernel/bpf/arraymap.c",
            "function": "array_map_lookup_elem"
        },
        "id": "CVE-2022-50167-e8f55f7c",
        "signature_type": "Function",
        "digest": {
            "function_hash": "259433417690479640747873309536719481305",
            "length": 321.0
        },
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@87ac0d600943994444e24382a87aa19acc4cd3d4",
        "target": {
            "file": "kernel/bpf/arraymap.c",
            "function": "bpf_array_map_seq_next"
        },
        "id": "CVE-2022-50167-f2af399e",
        "signature_type": "Function",
        "digest": {
            "function_hash": "214974958855900840971869257816353488616",
            "length": 436.0
        },
        "deprecated": false,
        "signature_version": "v1"
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.3.0
Fixed
5.18.18
Type
ECOSYSTEM
Events
Introduced
5.19.0
Fixed
5.19.2