DEBIAN-CVE-2022-50855
- Source
- https://security-tracker.debian.org/tracker/CVE-2022-50855
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2022-50855.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2022-50855
- Upstream
- Published
- 2025-12-30T13:16:00.223Z
- Modified
- 2025-12-31T11:10:15.402263Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: bpf: prevent leak of lsm program after failed attach In [0], we added the ability to bpfprogattach LSM programs to cgroups, but in our validation to make sure the prog is meant to be attached to BPFLSMCGROUP, we return too early if the check fails. This results in lack of decrementing prog's refcnt (through bpfprogput) leaving the LSM program alive past the point of the expected lifecycle. This fix allows for the decrement to take place. [0] https://lore.kernel.org/all/20220628174314.1216643-4-sdf@google.com/
- References
Affected packages
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source