CVE-2022-50490 Affecting libperf package, versions *


Severity

Recommended
0.0
high
0
10

Based on CentOS security rating.

Threat Intelligence

EPSS
0.02% (4th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-CENTOS9-LIBPERF-13338082
  • published7 Oct 2025
  • disclosed4 Oct 2025

Introduced: 4 Oct 2025

NewCVE-2022-50490  (opens in a new tab)

How to fix?

There is no fixed version for Centos:9 libperf.

NVD Description

Note: Versions mentioned in the description apply only to the upstream libperf package and not the libperf package as distributed by Centos. See How to fix? for Centos:9 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

bpf: Propagate error from htab_lock_bucket() to userspace

In __htab_map_lookup_and_delete_batch() if htab_lock_bucket() returns -EBUSY, it will go to next bucket. Going to next bucket may not only skip the elements in current bucket silently, but also incur out-of-bound memory access or expose kernel memory to userspace if current bucket_cnt is greater than bucket_size or zero.

Fixing it by stopping batch operation and returning -EBUSY when htab_lock_bucket() fails, and the application can retry or skip the busy batch as needed.

CVSS Base Scores

version 3.1