CVE-2022-50200: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-50200 is a security vulnerability discovered in the Linux kernel's SELinux implementation, specifically in the put_entry() function. The vulnerability was identified and disclosed on June 18, 2025, affecting various Linux kernel versions. The issue stems from a missing boundary check in the put_entry() function, similar to the checks implemented in next_entry() (NVD, Debian Tracker).

The vulnerability exists in the SELinux subsystem where the put_entry() function lacks necessary boundary checks that are present in the next_entry() function. This missing validation could potentially allow memory out-of-bounds access, which could compromise system security. The issue has been addressed in multiple Linux kernel versions, including 5.10.223-1 for Debian bullseye, 6.1.137-1 for bookworm, and 6.12.31-1 for trixie (Wiz, Debian Tracker).

The vulnerability could potentially lead to memory out-of-bounds access, which might result in system crashes or potential information disclosure. The exact impact depends on how the vulnerability is exploited and the specific system configuration (Wiz).

The vulnerability has been fixed in multiple Linux kernel versions. Users are advised to update to the following fixed versions: Debian bullseye: 5.10.223-1 or later, Debian bookworm: 6.1.137-1 or later, Debian trixie: 6.12.31-1 or later. Ubuntu users should update to version 5.4.0-132.148 for focal (20.04 LTS) and 4.15.0-197.208 for bionic (18.04 LTS) (Debian Tracker, Ubuntu).