PT-2025-53983 · Linux+2 · Linux Kernel+2

Published 2022-10-24 · Updated 2026-02-12 · CVE-2022-50865

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A signed-integer-overflow bug exists in the tcp_add_backlog() function within the TCP implementation of the Linux kernel. The sk_rcvbuf and sk_sndbuf variables within the struct sock are of type int. When calculating a limit within tcp_add_backlog(), the sum of sk_rcvbuf, sk_sndbuf, and 64 * 1024 may exceed the maximum value of an int, leading to an overflow. The issue is addressed by reducing the limit budget by halving the sndbuf, as ACK packets are typically smaller than the payload.

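The arithmetic described above, as an added user-space example that is not the kernel's code: it checks the original int sum for overflow and computes the reduced budget with half of sndbuf. The function names, the uint32_t type for the reduced limit, and the sample buffer sizes are assumptions of this example; __builtin_add_overflow is a GCC/Clang builtin.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define BACKLOG_HEADROOM (64 * 1024)

/* Pre-fix arithmetic as the description states it: rcvbuf + sndbuf + 64 KiB,
 * all in int. Returns true when the sum is not representable in int (signed
 * overflow, undefined behaviour in C); otherwise stores it in *limit. */
bool backlog_limit_overflows(int rcvbuf, int sndbuf, int *limit)
{
    int sum;

    if (__builtin_add_overflow(rcvbuf, sndbuf, &sum))
        return true;
    return __builtin_add_overflow(sum, BACKLOG_HEADROOM, limit);
}

/* Reduced budget: only half of sndbuf is counted. Assumption of this example:
 * the sum is held in uint32_t, where INT_MAX + INT_MAX/2 + 64 KiB still fits. */
uint32_t backlog_limit_halved(int rcvbuf, int sndbuf)
{
    uint32_t limit = (uint32_t)rcvbuf + (uint32_t)(sndbuf >> 1);

    return limit + BACKLOG_HEADROOM;
}

int main(void)
{
    /* Constructed inputs: a typical buffer size and the int maximum. */
    const int sizes[] = { 212992, INT_MAX };

    for (size_t i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++) {
        int old_limit = 0;
        bool bad = backlog_limit_overflows(sizes[i], sizes[i], &old_limit);

        printf("rcvbuf=sndbuf=%d: int sum %s, halved limit=%u\n", sizes[i],
               bad ? "overflows" : "fits",
               (unsigned)backlog_limit_halved(sizes[i], sizes[i]));
    }
    return 0;
}
```

With both buffers at INT_MAX the full sum exceeds even the unsigned 32-bit range, while the halved form stays inside it.
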
Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Integer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2026:1661
ALSA-2026:1662
BDU:2026-02418
CVE-2022-50865
RHSA-2023:6583
RHSA-2026:1661
RHSA-2026:1662
RHSA-2026:1909
RHSA-2026:1946
RHSA-2026:2490
RHSA-2026:2573
RHSA-2026:2577
RHSA-2026:3277
RHSA-2026:3360
RHSA-2026:3388
SUSE-SU-2026:0473-1

Affected Products

Linux Kernel
Red Hat
Rocky Linux