{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-49732","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-02-26T02:21:30.449Z","datePublished":"2025-02-26T14:57:24.827Z","dateUpdated":"2025-05-04T08:44:16.828Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T08:44:16.828Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nsock: redo the psock vs ULP protection check\n\nCommit 8a59f9d1e3d4 (\"sock: Introduce sk->sk_prot->psock_update_sk_prot()\")\nhas moved the inet_csk_has_ulp(sk) check from sk_psock_init() to\nthe new tcp_bpf_update_proto() function. I'm guessing that this\nwas done to allow creating psocks for non-inet sockets.\n\nUnfortunately the destruction path for psock includes the ULP\nunwind, so we need to fail the sk_psock_init() itself.\nOtherwise if ULP is already present we'll notice that later,\nand call tcp_update_ulp() with the sk_proto of the ULP\nitself, which will most likely result in the ULP looping\nits callbacks."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["include/net/inet_sock.h","net/core/skmsg.c","net/ipv4/tcp_bpf.c","net/tls/tls_main.c"],"versions":[{"version":"8a59f9d1e3d4340659fdfee8879dc09a6f2546e1","lessThan":"72fa0f65b56605b8a9ae9fba2082f2123f7fe017","status":"affected","versionType":"git"},{"version":"8a59f9d1e3d4340659fdfee8879dc09a6f2546e1","lessThan":"922309e50befb0cfa5cb65e4989b7706d6578846","status":"affected","versionType":"git"},{"version":"8a59f9d1e3d4340659fdfee8879dc09a6f2546e1","lessThan":"e34a07c0ae3906f97eb18df50902e2a01c1015b6","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["include/net/inet_sock.h","net/core/skmsg.c","net/ipv4/tcp_bpf.c","net/tls/tls_main.c"],"versions":[{"version":"5.13","status":"affected"},{"version":"0","lessThan":"5.13","status":"unaffected","versionType":"semver"},{"version":"5.15.51","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.18.8","lessThanOrEqual":"5.18.*","status":"unaffected","versionType":"semver"},{"version":"5.19","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.13","versionEndExcluding":"5.15.51"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.13","versionEndExcluding":"5.18.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.13","versionEndExcluding":"5.19"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/72fa0f65b56605b8a9ae9fba2082f2123f7fe017"},{"url":"https://git.kernel.org/stable/c/922309e50befb0cfa5cb65e4989b7706d6578846"},{"url":"https://git.kernel.org/stable/c/e34a07c0ae3906f97eb18df50902e2a01c1015b6"}],"title":"sock: redo the psock vs ULP protection check","x_generator":{"engine":"bippy-1.2.0"}}}}