{"id":"CVE-2022-49732","summary":"sock: redo the psock vs ULP protection check","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nsock: redo the psock vs ULP protection check\n\nCommit 8a59f9d1e3d4 (\"sock: Introduce sk-\u003esk_prot-\u003epsock_update_sk_prot()\")\nhas moved the inet_csk_has_ulp(sk) check from sk_psock_init() to\nthe new tcp_bpf_update_proto() function. I'm guessing that this\nwas done to allow creating psocks for non-inet sockets.\n\nUnfortunately the destruction path for psock includes the ULP\nunwind, so we need to fail the sk_psock_init() itself.\nOtherwise if ULP is already present we'll notice that later,\nand call tcp_update_ulp() with the sk_proto of the ULP\nitself, which will most likely result in the ULP looping\nits callbacks.","modified":"2026-03-10T21:48:19.404706Z","published":"2025-02-26T14:57:24.827Z","related":["SUSE-SU-2025:1176-1","SUSE-SU-2025:1241-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49732.json"},"references":[{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"},{"type":"WEB","url":"https://git.kernel.org/stable/c/72fa0f65b56605b8a9ae9fba2082f2123f7fe017"},{"type":"WEB","url":"https://git.kernel.org/stable/c/922309e50befb0cfa5cb65e4989b7706d6578846"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e34a07c0ae3906f97eb18df50902e2a01c1015b6"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49732.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-49732"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"8a59f9d1e3d4340659fdfee8879dc09a6f2546e1"},{"fixed":"72fa0f65b56605b8a9ae9fba2082f2123f7fe017"},{"fixed":"922309e50befb0cfa5cb65e4989b7706d6578846"},{"fixed":"e34a07c0ae3906f97eb18df50902e2a01c1015b6"}]}],"versions":["v5.12","v5.12-rc5","v5.12-rc6","v5.12-rc7","v5.12-rc8","v5.13","v5.13-rc1","v5.13-rc2","v5.13-rc3","v5.13-rc4","v5.13-rc5","v5.13-rc6","v5.13-rc7","v5.14","v5.14-rc1","v5.14-rc2","v5.14-rc3","v5.14-rc4","v5.14-rc5","v5.14-rc6","v5.14-rc7","v5.15","v5.15-rc1","v5.15-rc2","v5.15-rc3","v5.15-rc4","v5.15-rc5","v5.15-rc6","v5.15-rc7","v5.15.1","v5.15.10","v5.15.11","v5.15.12","v5.15.13","v5.15.14","v5.15.15","v5.15.16","v5.15.17","v5.15.18","v5.15.19","v5.15.2","v5.15.20","v5.15.21","v5.15.22","v5.15.23","v5.15.24","v5.15.25","v5.15.26","v5.15.27","v5.15.28","v5.15.29","v5.15.3","v5.15.30","v5.15.31","v5.15.32","v5.15.33","v5.15.34","v5.15.35","v5.15.36","v5.15.37","v5.15.38","v5.15.39","v5.15.4","v5.15.40","v5.15.41","v5.15.42","v5.15.43","v5.15.44","v5.15.45","v5.15.46","v5.15.47","v5.15.48","v5.15.49","v5.15.5","v5.15.50","v5.15.6","v5.15.7","v5.15.8","v5.15.9","v5.16","v5.16-rc1","v5.16-rc2","v5.16-rc3","v5.16-rc4","v5.16-rc5","v5.16-rc6","v5.16-rc7","v5.16-rc8","v5.17","v5.17-rc1","v5.17-rc2","v5.17-rc3","v5.17-rc4","v5.17-rc5","v5.17-rc6","v5.17-rc7","v5.17-rc8","v5.18","v5.18-rc1","v5.18-rc2","v5.18-rc3","v5.18-rc4","v5.18-rc5","v5.18-rc6","v5.18-rc7","v5.18.1","v5.18.2","v5.18.3","v5.18.4","v5.18.5","v5.18.6","v5.18.7","v5.19-rc1","v5.19-rc2"],"database_specific":{"vanir_signatures":[{"target":{"file":"net/tls/tls_main.c"},"id":"CVE-2022-49732-06b7d714","digest":{"threshold":0.9,"line_hashes":["204967942800165610225600045518313640691","5718583471209326400191767288047737761","48731480091053755715992009124491763818"]},"deprecated":false,"source":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e34a07c0ae3906f97eb18df50902e2a01c1015b6","signature_version":"v1","signature_type":"Line"},{"target":{"function":"tls_update","file":"net/tls/tls_main.c"},"id":"CVE-2022-49732-15e57299","digest":{"function_hash":"183981327339320958223317651212509257813","length":307},"deprecated":false,"source":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@72fa0f65b56605b8a9ae9fba2082f2123f7fe017","signature_version":"v1","signature_type":"Function"},{"target":{"file":"net/tls/tls_main.c"},"id":"CVE-2022-49732-31d5c7dd","digest":{"threshold":0.9,"line_hashes":["204967942800165610225600045518313640691","5718583471209326400191767288047737761","48731480091053755715992009124491763818"]},"deprecated":false,"source":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@72fa0f65b56605b8a9ae9fba2082f2123f7fe017","signature_version":"v1","signature_type":"Line"},{"target":{"function":"sk_psock_init","file":"net/core/skmsg.c"},"id":"CVE-2022-49732-40b1f9ee","digest":{"function_hash":"210131477117632649025409644050967847307","length":1007},"deprecated":false,"source":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@72fa0f65b56605b8a9ae9fba2082f2123f7fe017","signature_version":"v1","signature_type":"Function"},{"target":{"file":"net/tls/tls_main.c"},"id":"CVE-2022-49732-45926001","digest":{"threshold":0.9,"line_hashes":["204967942800165610225600045518313640691","5718583471209326400191767288047737761","48731480091053755715992009124491763818"]},"deprecated":false,"source":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@922309e50befb0cfa5cb65e4989b7706d6578846","signature_version":"v1","signature_type":"Line"},{"target":{"file":"net/ipv4/tcp_bpf.c"},"id":"CVE-2022-49732-54e77dc7","digest":{"threshold":0.9,"line_hashes":["303693366656287058348276705193601758755","127927334395071044537320397584042908519","333209735094059146255424820291836568737","35141077393023513472700206575423150200","215586867152275268292354258398346386051"]},"deprecated":false,"source":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@72fa0f65b56605b8a9ae9fba2082f2123f7fe017","signature_version":"v1","signature_type":"Line"},{"target":{"function":"tcp_bpf_update_proto","file":"net/ipv4/tcp_bpf.c"},"id":"CVE-2022-49732-5b577591","digest":{"function_hash":"158785150269524310989118206750430503629","length":906},"deprecated":false,"source":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e34a07c0ae3906f97eb18df50902e2a01c1015b6","signature_version":"v1","signature_type":"Function"},{"target":{"file":"include/net/inet_sock.h"},"id":"CVE-2022-49732-5da00500","digest":{"threshold":0.9,"line_hashes":["120228592740775661716111113449019436724","334133809656320233533122446185012554616","256031088297906638643204505796390978831"]},"deprecated":false,"source":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@72fa0f65b56605b8a9ae9fba2082f2123f7fe017","signature_version":"v1","signature_type":"Line"},{"target":{"function":"sk_psock_init","file":"net/core/skmsg.c"},"id":"CVE-2022-49732-6265c176","digest":{"function_hash":"210131477117632649025409644050967847307","length":1007},"deprecated":false,"source":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e34a07c0ae3906f97eb18df50902e2a01c1015b6","signature_version":"v1","signature_type":"Function"},{"target":{"file":"net/ipv4/tcp_bpf.c"},"id":"CVE-2022-49732-6930cee5","digest":{"threshold":0.9,"line_hashes":["303693366656287058348276705193601758755","127927334395071044537320397584042908519","333209735094059146255424820291836568737","35141077393023513472700206575423150200","215586867152275268292354258398346386051"]},"deprecated":false,"source":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e34a07c0ae3906f97eb18df50902e2a01c1015b6","signature_version":"v1","signature_type":"Line"},{"target":{"file":"include/net/inet_sock.h"},"id":"CVE-2022-49732-69a1440f","digest":{"threshold":0.9,"line_hashes":["120228592740775661716111113449019436724","334133809656320233533122446185012554616","256031088297906638643204505796390978831"]},"deprecated":false,"source":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e34a07c0ae3906f97eb18df50902e2a01c1015b6","signature_version":"v1","signature_type":"Line"},{"target":{"function":"tls_update","file":"net/tls/tls_main.c"},"id":"CVE-2022-49732-7a76fc37","digest":{"function_hash":"183981327339320958223317651212509257813","length":307},"deprecated":false,"source":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e34a07c0ae3906f97eb18df50902e2a01c1015b6","signature_version":"v1","signature_type":"Function"},{"target":{"file":"net/core/skmsg.c"},"id":"CVE-2022-49732-7ea47c3b","digest":{"threshold":0.9,"line_hashes":["337927641938455250128093497952855654520","142180372755963362566553437032723855375","214246969721290256085733390014071747825"]},"deprecated":false,"source":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@72fa0f65b56605b8a9ae9fba2082f2123f7fe017","signature_version":"v1","signature_type":"Line"},{"target":{"function":"tls_update","file":"net/tls/tls_main.c"},"id":"CVE-2022-49732-97c98865","digest":{"function_hash":"183981327339320958223317651212509257813","length":307},"deprecated":false,"source":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@922309e50befb0cfa5cb65e4989b7706d6578846","signature_version":"v1","signature_type":"Function"},{"target":{"file":"net/ipv4/tcp_bpf.c"},"id":"CVE-2022-49732-b20336fc","digest":{"threshold":0.9,"line_hashes":["303693366656287058348276705193601758755","127927334395071044537320397584042908519","333209735094059146255424820291836568737","35141077393023513472700206575423150200","215586867152275268292354258398346386051"]},"deprecated":false,"source":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@922309e50befb0cfa5cb65e4989b7706d6578846","signature_version":"v1","signature_type":"Line"},{"target":{"function":"sk_psock_init","file":"net/core/skmsg.c"},"id":"CVE-2022-49732-c9468373","digest":{"function_hash":"210131477117632649025409644050967847307","length":1007},"deprecated":false,"source":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@922309e50befb0cfa5cb65e4989b7706d6578846","signature_version":"v1","signature_type":"Function"},{"target":{"function":"tcp_bpf_update_proto","file":"net/ipv4/tcp_bpf.c"},"id":"CVE-2022-49732-e0b82cb2","digest":{"function_hash":"158785150269524310989118206750430503629","length":906},"deprecated":false,"source":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@922309e50befb0cfa5cb65e4989b7706d6578846","signature_version":"v1","signature_type":"Function"},{"target":{"file":"net/core/skmsg.c"},"id":"CVE-2022-49732-e176a539","digest":{"threshold":0.9,"line_hashes":["337927641938455250128093497952855654520","142180372755963362566553437032723855375","214246969721290256085733390014071747825"]},"deprecated":false,"source":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@922309e50befb0cfa5cb65e4989b7706d6578846","signature_version":"v1","signature_type":"Line"},{"target":{"file":"include/net/inet_sock.h"},"id":"CVE-2022-49732-e6435b2e","digest":{"threshold":0.9,"line_hashes":["120228592740775661716111113449019436724","334133809656320233533122446185012554616","256031088297906638643204505796390978831"]},"deprecated":false,"source":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@922309e50befb0cfa5cb65e4989b7706d6578846","signature_version":"v1","signature_type":"Line"},{"target":{"function":"tcp_bpf_update_proto","file":"net/ipv4/tcp_bpf.c"},"id":"CVE-2022-49732-edd0d6fd","digest":{"function_hash":"158785150269524310989118206750430503629","length":906},"deprecated":false,"source":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@72fa0f65b56605b8a9ae9fba2082f2123f7fe017","signature_version":"v1","signature_type":"Function"},{"target":{"file":"net/core/skmsg.c"},"id":"CVE-2022-49732-f2596220","digest":{"threshold":0.9,"line_hashes":["337927641938455250128093497952855654520","142180372755963362566553437032723855375","214246969721290256085733390014071747825"]},"deprecated":false,"source":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e34a07c0ae3906f97eb18df50902e2a01c1015b6","signature_version":"v1","signature_type":"Line"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49732.json"}}],"schema_version":"1.7.3"}