CVE-2022-50168

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been resolved, related to the freeing of not-finalized bpf prog pack. The issue occurs when there are multiple subprogs and jit subprogs() is called, which can lead to the erroneous freeing of a 2MB page. This happens because bpf jit binary pack finalize() is not called for all subprograms before bpf jit free() is called. The vulnerability was reported by syzbot, which identified a few issues with bpf prog pack.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.