CVE-2022-50855 — Vulnetix

Try Vulnetix Request Demo

CVE-2022-50855 PUBLISHED

Reported by Linux · Published December 30, 2025

In the Linux kernel, the following vulnerability has been resolved: bpf: prevent leak of lsm program after failed attach In [0], we added the ability to bpf_prog_attach LSM programs to cgroups, but in our validation to make sure the prog is meant to be attached to BPF_LSM_CGROUP, we return too early if the check fails. This results in lack of decrementing prog's refcnt (through bpf_prog_put) leaving the LSM program alive past the point of the expected lifecycle. This fix allows for the decrement to take place. [0] https://lore.kernel.org/all/20220628174314.1216643-4-sdf@google.com/

EPSS 0.03% · 6.7th percentile

Risk Scores

EPSS Score

0.03%

6.7th percentile

Affected Products

Vendor	Product	Versions
Linux	Linux	69fd337a975c7e690dfe49d9cb4fe5ba1e6db44e, 69fd337a975c7e690dfe49d9cb4fe5ba1e6db44e, 69fd337a975c7e690dfe49d9cb4fe5ba1e6db44e
Linux	Linux	6.0, 0, 6.0.16
Linux	Linux	69fd337a975c7e690dfe49d9cb4fe5ba1e6db44e, 69fd337a975c7e690dfe49d9cb4fe5ba1e6db44e, 69fd337a975c7e690dfe49d9cb4fe5ba1e6db44e
linux	linux_kernel	6.0, 6.0, 6.0

Timeline

Dec 30, 2025 CVE Published
Dec 31, 2025 EPSS Score
Jan 3, 2026 EPSS Score
Jan 6, 2026 EPSS Score
Jan 9, 2026 EPSS Score
Jan 12, 2026 EPSS Score
Jan 14, 2026 EPSS Score
Jan 17, 2026 EPSS Score
Jan 20, 2026 EPSS Score
Jan 23, 2026 EPSS Score
Jan 26, 2026 EPSS Score
Jan 29, 2026 EPSS Score

References

Open in Interactive Console →