{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2022-50855","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-12-30T12:06:07.135Z","datePublished":"2025-12-30T12:15:30.481Z","dateUpdated":"2026-05-11T19:26:25.459Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:26:25.459Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: prevent leak of lsm program after failed attach\n\nIn [0], we added the ability to bpf_prog_attach LSM programs to cgroups,\nbut in our validation to make sure the prog is meant to be attached to\nBPF_LSM_CGROUP, we return too early if the check fails. This results in\nlack of decrementing prog's refcnt (through bpf_prog_put)\nleaving the LSM program alive past the point of the expected lifecycle.\nThis fix allows for the decrement to take place.\n\n[0] https://lore.kernel.org/all/20220628174314.1216643-4-sdf@google.com/"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["kernel/bpf/syscall.c"],"versions":[{"version":"69fd337a975c7e690dfe49d9cb4fe5ba1e6db44e","lessThan":"82b39df5ddb298daaf6dc504032ff7eb027fa106","status":"affected","versionType":"git"},{"version":"69fd337a975c7e690dfe49d9cb4fe5ba1e6db44e","lessThan":"6a1504dd36cd9a0a69250d61da8bdb17b29f1fe8","status":"affected","versionType":"git"},{"version":"69fd337a975c7e690dfe49d9cb4fe5ba1e6db44e","lessThan":"e89f3edffb860a0f54a9ed16deadb7a4a1fa3862","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["kernel/bpf/syscall.c"],"versions":[{"version":"6.0","status":"affected"},{"version":"0","lessThan":"6.0","status":"unaffected","versionType":"semver"},{"version":"6.0.16","lessThanOrEqual":"6.0.*","status":"unaffected","versionType":"semver"},{"version":"6.1.2","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.2","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.0.16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.1.2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/82b39df5ddb298daaf6dc504032ff7eb027fa106"},{"url":"https://git.kernel.org/stable/c/6a1504dd36cd9a0a69250d61da8bdb17b29f1fe8"},{"url":"https://git.kernel.org/stable/c/e89f3edffb860a0f54a9ed16deadb7a4a1fa3862"}],"title":"bpf: prevent leak of lsm program after failed attach","x_generator":{"engine":"bippy-1.2.0"}}}}