PT-2025-41041 · Linux+3 · Linux Kernel+3

Published

2022-05-10

Updated

2025-11-24

CVE-2022-50536

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.0.0 #1

Description The Linux kernel contains a flaw in the bpf, sockmap subsystem related to repeated calls to sock put() when a message has more data. Specifically, in the tcp bpf send verdict() redirection, the eval variable is not reset to SK NONE each time more data is present, leading to multiple calls to sock put(). This can result in a use-after-free condition, potentially causing a system crash. The issue occurs during IPv4 socket release when in state 1. The vulnerable code path involves the tcp bpf send verdict() function and related functions like tcp bpf sendmsg redir() and tcp bpf sendmsg().

Recommendations Update to Linux kernel version 6.0.0 #1 or later.

Exploit

Fix

Double Free

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-415CWE-416

Related Identifiers

BDU:2026-04063

CESA-2022_1988

CVE-2022-50536

RHSA-2022:1988

RHSA-2022:8267

RHSA-2022_1988

RHSA-2022_8267

RHSA-2023:6583

RHSA-2023_6583

SUSE-SU-2025:4189-1

Affected Products

Centos

Linux Kernel

Red Hat

Suse

PT-2025-41041 · Linux+3 · Linux Kernel+3

CVE-2022-50536

Weakness Enumeration

Related Identifiers

Affected Products

References · 308