CVE-2022-49877: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49877 affects the Linux kernel's BPF sockmap implementation. The vulnerability was discovered and published to the CVE List on May 1, 2025. The issue specifically relates to a warning that appears in the sk->sk_forward_alloc of sk_stream_kill_queues when running test_sockmap selftests (NVD CVE, Wiz Report).

The vulnerability stems from a root cause in commit 84472b436e76 ("bpf, sockmap: Fix more uncharged while msg has more_data"), where msg->sg.size was used to replace the tosend variable, causing breakage in the code logic: if (msg->apply_bytes && msg->apply_bytes < tosend) tosend = psock->apply_bytes;. This implementation error triggers a warning in the kernel's networking subsystem during specific sockmap operations. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (Red Hat XML).

The vulnerability affects the Linux kernel's networking subsystem, specifically impacting the BPF sockmap functionality. When exploited, it can trigger warnings in the sk_stream_kill_queues process, potentially affecting system stability (NVD CVE).

Red Hat has marked this vulnerability as 'Fix deferred' for Red Hat Enterprise Linux 9 and kernel-rt packages. Various Linux distributions have implemented or are in the process of implementing patches to address this vulnerability (Red Hat XML).