PT-2022-15825 · Solana · Solana Rbpf

Blocksec · Published 2022-05-09 · Updated 2023-02-10 · CVE-2022-23066

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Solana rBPF versions 0.2.26 through 0.2.27

Description

The issue is caused by an improper implementation of the sdiv instruction, leading to incorrect calculations. This can result in the wrong execution path, potentially causing significant losses in specific cases, such as deciding whether to transfer tokens or not. The problem affects integrity and may cause serious availability issues.

Recommendations

For versions 0.2.26 and 0.2.27, consider temporarily disabling the sdiv instruction until a patch is available, to prevent potential incorrect calculations and execution paths. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2022-23066
GHSA-9QMM-4MFR-R3WJ

Affected Products

Solana Rbpf