Use After Free Vulnerability in Linux Kernel BPF Component
CVE-2022-50219

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 18 June 2025

What is CVE-2022-50219?

A use-after-free vulnerability exists in the Linux kernel's BPF (Berkeley Packet Filter) subsystem that could potentially be exploited. The flaw arises when multiple BPF links have been created and a memory allocation fails during the detachment process. After that failure, a pointer that has already been freed is still accessed by subsequent operations, resulting in an invalid memory access. The fix changes how pointers are managed in the BPF link detach process, so that memory is handled safely and freed memory is no longer dereferenced. Applying kernel updates regularly and following security advisories are essential to protect systems against this type of vulnerability.

Affected Version(s)

Linux af6eea57437a830293eab56246b6025cc7d46ee7 < 3527e3cbb84d8868c4d4e91ba55915f96d39ec3d

Linux af6eea57437a830293eab56246b6025cc7d46ee7 < 1f8ca9c40e6222ce431e9ba5dae3cccce8ef9443

Linux af6eea57437a830293eab56246b6025cc7d46ee7 < 6336388715afa419cc97d0255bda3bba1b96b7ca

Timeline

  • Vulnerability published

  • Vulnerability Reserved
