[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2022-49985":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":23,"aliases":24,"duplicate_of":9,"upstream":25,"downstream":26,"duplicates":59,"related":60,"reserved_at":9,"published_at":67,"modified_at":68,"state":69,"summary":70,"references_raw":79,"kevs":98,"epss":99,"epss_history":102,"metrics":373,"affected":379},"CVE-2022-49985","In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Don't use tnum_range on array range checking for poke descriptors\n\nHsin-Wei reported a KASAN splat triggered by their BPF runtime fuzzer which\nis based on a customized syzkaller:\n\n  BUG: KASAN: slab-out-of-bounds in bpf_int_jit_compile+0x1257/0x13f0\n  Read of size 8 at addr ffff888004e90b58 by task syz-executor.0/1489\n  CPU: 1 PID: 1489 Comm: syz-executor.0 Not tainted 5.19.0 #1\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n  1.13.0-1ubuntu1.1 04/01/2014\n  Call Trace:\n   \u003CTASK>\n   dump_stack_lvl+0x9c/0xc9\n   print_address_description.constprop.0+0x1f/0x1f0\n   ? bpf_int_jit_compile+0x1257/0x13f0\n   kasan_report.cold+0xeb/0x197\n   ? kvmalloc_node+0x170/0x200\n   ? bpf_int_jit_compile+0x1257/0x13f0\n   bpf_int_jit_compile+0x1257/0x13f0\n   ? arch_prepare_bpf_dispatcher+0xd0/0xd0\n   ? rcu_read_lock_sched_held+0x43/0x70\n   bpf_prog_select_runtime+0x3e8/0x640\n   ? bpf_obj_name_cpy+0x149/0x1b0\n   bpf_prog_load+0x102f/0x2220\n   ? __bpf_prog_put.constprop.0+0x220/0x220\n   ? find_held_lock+0x2c/0x110\n   ? __might_fault+0xd6/0x180\n   ? lock_downgrade+0x6e0/0x6e0\n   ? lock_is_held_type+0xa6/0x120\n   ? __might_fault+0x147/0x180\n   __sys_bpf+0x137b/0x6070\n   ? bpf_perf_link_attach+0x530/0x530\n   ? new_sync_read+0x600/0x600\n   ? __fget_files+0x255/0x450\n   ? lock_downgrade+0x6e0/0x6e0\n   ? fput+0x30/0x1a0\n   ? ksys_write+0x1a8/0x260\n   __x64_sys_bpf+0x7a/0xc0\n   ? syscall_enter_from_user_mode+0x21/0x70\n   do_syscall_64+0x3b/0x90\n   entry_SYSCALL_64_after_hwframe+0x63/0xcd\n  RIP: 0033:0x7f917c4e2c2d\n\nThe problem here is that a range of tnum_range(0, map->max_entries - 1) has\nlimited ability to represent the concrete tight range with the tnum as the\nset of resulting states from value + mask can result in a superset of the\nactual intended range, and as such a tnum_in(range, reg->var_off) check may\nyield true when it shouldn't, for example tnum_range(0, 2) would result in\n00XX -> v = 0000, m = 0011 such that the intended set of {0, 1, 2} is here\nrepresented by a less precise superset of {0, 1, 2, 3}. As the register is\nknown const scalar, really just use the concrete reg->var_off.value for the\nupper index check.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-125","Out-of-bounds Read","The product reads data past the end, or before the beginning, of the intended buffer.","weakness","Draft","Base",[19],{"id":20,"name":21,"techniques":22},"CAPEC-540","Overread Buffers",[],[],[],[],[27,29,31,33,35,37,39,41,43,45,47,49,51,53,55,57],{"_key":28},"SUSE-SU-2025:02308-1",{"_key":30},"SUSE-SU-2025:02264-1",{"_key":32},"SUSE-SU-2025:02537-1",{"_key":34},"SUSE-SU-2025:02320-1",{"_key":36},"SUSE-SU-2025:02321-1",{"_key":38},"SUSE-SU-2025:02322-1",{"_key":40},"RHSA-2025:15471",{"_key":42},"RHSA-2025:15472",{"_key":44},"RHSA-2025:17570",{"_key":46},"RHSA-2025:18043",{"_key":48},"DEBIAN-CVE-2022-49985",{"_key":50},"RHSA-2026:5693",{"_key":52},"RHSA-2026:5732",{"_key":54},"RHSA-2023:2458",{"_key":56},"RHSA-2025:22752",{"_key":58},"UBUNTU-CVE-2022-49985",[],[61,62,63,64,65,66],{"_key":28},{"_key":30},{"_key":32},{"_key":34},{"_key":36},{"_key":38},"2025-06-18T11:00:47.251Z","2026-05-11T19:10:30.979Z","Analyzed",{"cisa_kev":71,"cisa_ransomware":71,"cisa_vendor":9,"epss_severity":72,"epss_score":73,"severity":74,"severity_score":75,"severity_version":76,"severity_source":77,"severity_vector":78,"severity_status":69},false,"low",0.00067,"high",7.1,"v3.1","nvd","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",[80,86,90,94],{"url":81,"sources":82,"tags":84},"https://git.kernel.org/stable/c/e8979807178434db8ceaa84dfcd44363e71e50bb",[83,77],"cve.org",[85],"Patch",{"url":87,"sources":88,"tags":89},"https://git.kernel.org/stable/c/4f672112f8665102a5842c170be1713f8ff95919",[83,77],[85],{"url":91,"sources":92,"tags":93},"https://git.kernel.org/stable/c/a36df92c7ff7ecde2fb362241d0ab024dddd0597",[83,77],[85],{"url":95,"sources":96,"tags":97},"https://git.kernel.org/stable/c/a657182a5c5150cdfacb6640aad1d2712571a409",[83,77],[85],[],{"date":100,"score":73,"percentile":101},"2026-06-03",0.20882,[103,107,110,113,116,119,122,125,128,131,134,137,141,144,147,150,153,156,159,162,165,168,171,175,178,181,184,187,190,193,196,199,202,206,209,212,215,218,221,224,227,230,233,236,239,242,245,248,251,254,256,259,262,265,267,270,272,274,277,280,283,286,289,292,295,298,301,304,306,309,313,316,319,322,325,328,331,334,337,340,343,346,349,352,355,358,361,364,367,370],{"date":104,"score":105,"percentile":106},"2025-11-04",0.00034,0.09058,{"date":108,"score":105,"percentile":109},"2025-11-05",0.09067,{"date":111,"score":105,"percentile":112},"2025-11-06",0.09191,{"date":114,"score":105,"percentile":115},"2025-11-07",0.09207,{"date":117,"score":105,"percentile":118},"2025-11-08",0.09208,{"date":120,"score":105,"percentile":121},"2025-11-09",0.0918,{"date":123,"score":105,"percentile":124},"2025-11-10",0.09135,{"date":126,"score":105,"percentile":127},"2025-11-11",0.09161,{"date":129,"score":105,"percentile":130},"2025-11-12",0.09195,{"date":132,"score":105,"percentile":133},"2025-11-13",0.09235,{"date":135,"score":105,"percentile":136},"2025-11-14",0.09265,{"date":138,"score":139,"percentile":140},"2025-11-15",0.00022,0.04755,{"date":142,"score":139,"percentile":143},"2025-11-16",0.0477,{"date":145,"score":139,"percentile":146},"2025-11-17",0.04757,{"date":148,"score":139,"percentile":149},"2025-11-18",0.02867,{"date":151,"score":139,"percentile":152},"2025-11-19",0.02905,{"date":154,"score":139,"percentile":155},"2025-11-20",0.02954,{"date":157,"score":139,"percentile":158},"2025-11-21",0.04787,{"date":160,"score":139,"percentile":161},"2025-11-22",0.048,{"date":163,"score":139,"percentile":164},"2025-11-23",0.04793,{"date":166,"score":139,"percentile":167},"2025-11-24",0.04766,{"date":169,"score":139,"percentile":170},"2025-11-25",0.04775,{"date":172,"score":173,"percentile":174},"2025-11-26",0.00033,0.08709,{"date":176,"score":173,"percentile":177},"2025-11-27",0.08714,{"date":179,"score":173,"percentile":180},"2025-11-28",0.08693,{"date":182,"score":173,"percentile":183},"2025-11-29",0.08731,{"date":185,"score":173,"percentile":186},"2025-11-30",0.08743,{"date":188,"score":173,"percentile":189},"2025-12-01",0.08787,{"date":191,"score":173,"percentile":192},"2025-12-02",0.08804,{"date":194,"score":173,"percentile":195},"2025-12-03",0.08838,{"date":197,"score":173,"percentile":198},"2025-12-04",0.0884,{"date":200,"score":173,"percentile":201},"2025-12-05",0.08893,{"date":203,"score":204,"percentile":205},"2025-12-06",0.00016,0.02639,{"date":207,"score":204,"percentile":208},"2025-12-07",0.02649,{"date":210,"score":204,"percentile":211},"2025-12-08",0.02646,{"date":213,"score":204,"percentile":214},"2025-12-09",0.02666,{"date":216,"score":204,"percentile":217},"2025-12-10",0.02694,{"date":219,"score":204,"percentile":220},"2025-12-11",0.02699,{"date":222,"score":204,"percentile":223},"2025-12-12",0.02711,{"date":225,"score":204,"percentile":226},"2025-12-13",0.0268,{"date":228,"score":204,"percentile":229},"2025-12-14",0.02679,{"date":231,"score":204,"percentile":232},"2025-12-15",0.02673,{"date":234,"score":204,"percentile":235},"2025-12-16",0.02671,{"date":237,"score":204,"percentile":238},"2025-12-17",0.02686,{"date":240,"score":204,"percentile":241},"2025-12-18",0.02688,{"date":243,"score":204,"percentile":244},"2025-12-19",0.02695,{"date":246,"score":204,"percentile":247},"2025-12-20",0.0269,{"date":249,"score":204,"percentile":250},"2025-12-21",0.02691,{"date":252,"score":204,"percentile":253},"2025-12-22",0.02693,{"date":255,"score":204,"percentile":244},"2025-12-23",{"date":257,"score":204,"percentile":258},"2025-12-24",0.02698,{"date":260,"score":204,"percentile":261},"2025-12-25",0.02705,{"date":263,"score":204,"percentile":264},"2025-12-26",0.02708,{"date":266,"score":204,"percentile":250},"2025-12-27",{"date":268,"score":204,"percentile":269},"2025-12-28",0.02701,{"date":271,"score":204,"percentile":250},"2025-12-29",{"date":273,"score":204,"percentile":241},"2025-12-30",{"date":275,"score":204,"percentile":276},"2025-12-31",0.02683,{"date":278,"score":204,"percentile":279},"2026-01-01",0.0274,{"date":281,"score":204,"percentile":282},"2026-01-02",0.02738,{"date":284,"score":204,"percentile":285},"2026-01-03",0.02735,{"date":287,"score":204,"percentile":288},"2026-01-04",0.02672,{"date":290,"score":204,"percentile":291},"2026-01-05",0.02677,{"date":293,"score":204,"percentile":294},"2026-01-06",0.02674,{"date":296,"score":204,"percentile":297},"2026-01-07",0.02692,{"date":299,"score":204,"percentile":300},"2026-01-08",0.02721,{"date":302,"score":204,"percentile":303},"2026-01-09",0.02734,{"date":305,"score":204,"percentile":303},"2026-01-10",{"date":307,"score":204,"percentile":308},"2026-01-11",0.02718,{"date":310,"score":311,"percentile":312},"2026-01-12",0.00018,0.03768,{"date":314,"score":311,"percentile":315},"2026-01-13",0.03764,{"date":317,"score":311,"percentile":318},"2026-01-14",0.03778,{"date":320,"score":311,"percentile":321},"2026-01-15",0.03705,{"date":323,"score":311,"percentile":324},"2026-01-16",0.03679,{"date":326,"score":311,"percentile":327},"2026-01-17",0.03683,{"date":329,"score":311,"percentile":330},"2026-01-18",0.03657,{"date":332,"score":311,"percentile":333},"2026-01-19",0.03635,{"date":335,"score":311,"percentile":336},"2026-01-20",0.03615,{"date":338,"score":311,"percentile":339},"2026-01-21",0.03608,{"date":341,"score":311,"percentile":342},"2026-01-22",0.03611,{"date":344,"score":311,"percentile":345},"2026-01-23",0.03659,{"date":347,"score":311,"percentile":348},"2026-01-24",0.0369,{"date":350,"score":311,"percentile":351},"2026-01-25",0.0367,{"date":353,"score":311,"percentile":354},"2026-01-26",0.03654,{"date":356,"score":311,"percentile":357},"2026-01-27",0.03643,{"date":359,"score":311,"percentile":360},"2026-01-28",0.0363,{"date":362,"score":311,"percentile":363},"2026-01-29",0.03651,{"date":365,"score":311,"percentile":366},"2026-01-30",0.03652,{"date":368,"score":311,"percentile":369},"2026-01-31",0.03628,{"date":371,"score":311,"percentile":372},"2026-02-01",0.03722,[374],{"source":77,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":375,"cvss_v4_0":9},{"baseScore":75,"baseSeverity":376,"vectorString":78,"impactScore":377,"exploitabilityScore":378},"HIGH",8.7,4.6,[380,403],{"ecosystem":9,"name":381,"vendor":382,"product":382,"cpe_part":383,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":384},"Linux","linux","a",[385,392,395,398,401],{"version":386,"is_range":387,"range_type":83,"version_start":388,"version_start_type":389,"version_end":390,"version_end_type":391,"fixed_in":9},">= d2e4c1e6c2947269346054ac8937ccfe9e0bcc6b, \u003C e8979807178434db8ceaa84dfcd44363e71e50bb",true,"d2e4c1e6c2947269346054ac8937ccfe9e0bcc6b","including","e8979807178434db8ceaa84dfcd44363e71e50bb","excluding",{"version":393,"is_range":387,"range_type":83,"version_start":388,"version_start_type":389,"version_end":394,"version_end_type":391,"fixed_in":9},">= d2e4c1e6c2947269346054ac8937ccfe9e0bcc6b, \u003C 4f672112f8665102a5842c170be1713f8ff95919","4f672112f8665102a5842c170be1713f8ff95919",{"version":396,"is_range":387,"range_type":83,"version_start":388,"version_start_type":389,"version_end":397,"version_end_type":391,"fixed_in":9},">= d2e4c1e6c2947269346054ac8937ccfe9e0bcc6b, \u003C a36df92c7ff7ecde2fb362241d0ab024dddd0597","a36df92c7ff7ecde2fb362241d0ab024dddd0597",{"version":399,"is_range":387,"range_type":83,"version_start":388,"version_start_type":389,"version_end":400,"version_end_type":391,"fixed_in":9},">= d2e4c1e6c2947269346054ac8937ccfe9e0bcc6b, \u003C a657182a5c5150cdfacb6640aad1d2712571a409","a657182a5c5150cdfacb6640aad1d2712571a409",{"version":402,"is_range":71,"range_type":83,"version_start":402,"version_start_type":389,"version_end":402,"version_end_type":389,"fixed_in":9},"5.5",{"ecosystem":9,"name":404,"vendor":382,"product":405,"cpe_part":406,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":407},"linux kernel","linux_kernel","o",[408,412,416,420,422,424],{"version":409,"is_range":387,"range_type":410,"version_start":402,"version_start_type":389,"version_end":411,"version_end_type":391,"fixed_in":9},"gte5.5_lt5.10.140","cpe","5.10.140",{"version":413,"is_range":387,"range_type":410,"version_start":414,"version_start_type":389,"version_end":415,"version_end_type":391,"fixed_in":9},"gte5.11_lt5.15.64","5.11","5.15.64",{"version":417,"is_range":387,"range_type":410,"version_start":418,"version_start_type":389,"version_end":419,"version_end_type":391,"fixed_in":9},"gte5.16_lt5.19.6","5.16","5.19.6",{"version":421,"is_range":71,"range_type":410,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0:rc1",{"version":423,"is_range":71,"range_type":410,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0:rc2",{"version":425,"is_range":71,"range_type":410,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0:rc3"]