CVE-2022-50650

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel’s BPF verifier has an issue with reference state management for synchronous callbacks. The verifier incorrectly assumes callbacks will execute only once, leading to problems when using helpers that execute callbacks multiple times (for each style helpers). This can result in reference leaks when callbacks acquire references or double-free conditions when releasing caller-owned references. These conditions can potentially cause memory corruption or denial of service. The issue does not affect asynchronous callbacks, as they handle reference state differently and are considered safe even with multiple executions. The fix involves introducing a callback ref member in the reference state to distinguish between caller and callee references, and enforcing that callbacks release their acquired references before exiting.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.