CVE-2022-23066

9.1 CRITICAL

📋 TL;DR

This vulnerability in Solana's rBPF virtual machine involves an incorrect implementation of the signed division (sdiv) instruction, causing miscalculations that can lead to wrong execution paths. This could result in improper token transfers or other unintended blockchain operations, affecting the integrity and availability of Solana-based applications. Anyone using affected rBPF versions in Solana validators or smart contracts is impacted.

💻 Affected Systems

Products:
  • Solana rBPF virtual machine
Versions: 0.2.26 and 0.2.27
Operating Systems: All platforms running Solana
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Solana validators and any applications using the vulnerable rBPF versions for smart contract execution.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Malicious actors could exploit the incorrect sdiv calculation to bypass token transfer validation, potentially draining funds from vulnerable smart contracts or causing consensus failures across the Solana network.

🟠 Likely Case

Smart contracts relying on sdiv calculations for conditional logic could execute unintended operations, leading to incorrect token transfers or contract state corruption.

🟢 If Mitigated

With proper monitoring and rapid patching, impact is limited to temporary transaction validation issues that can be rolled back or corrected.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting specific smart contracts that trigger the incorrect sdiv calculation, but no public proof-of-concept has been released.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: rBPF 0.2.28 and later

Vendor Advisory: https://github.com/solana-labs/rbpf/commit/e61e045f8c244de978401d186dcfd50838817297

Restart Required: Yes

Instructions:

1. Update Solana to version 1.10.29 or later.
2. Ensure rBPF dependency is updated to 0.2.28+.
3. Restart validator nodes.
4. Redeploy affected smart contracts.

🔧 Temporary Workarounds

Disable vulnerable smart contracts

Temporarily pause or disable smart contracts that use sdiv operations until patched.

🧯 If You Can't Patch

  • Implement strict monitoring for unusual token transfers or contract executions
  • Consider temporarily reducing validator participation to limit potential impact

🔍 How to Verify

Check if Vulnerable:

Check rBPF version in Solana validator logs or configuration: grep -i 'rbpf' solana-validator.log

Check Version:

solana --version

Verify Fix Applied:

Verify Solana version is 1.10.29+ and rBPF is 0.2.28+: run solana --version, then check Cargo.toml for the rBPF dependency version.
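
The dependency check above can be scripted. The following is an added example, not code from the Solana project or the original advisory; it assumes the crate is recorded in Cargo.lock (the resolved version, rather than the Cargo.toml requirement) as name = "solana_rbpf", and the function names and the sample lockfile are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag the rBPF versions this page lists as affected
# (0.2.26 and 0.2.27) in a Cargo.lock file.
# Assumption: the crate is recorded as name = "solana_rbpf".

# Print every solana_rbpf version recorded in the lockfile given as $1.
rbpf_versions() {
    awk '
        /^\[\[package\]\]/        { in_pkg = 0 }
        /^name = "solana_rbpf"$/  { in_pkg = 1; next }
        in_pkg && /^version = "/  {
            split($0, parts, "\"")   # parts[2] is the text between the quotes
            print parts[2]
            in_pkg = 0
        }
    ' "$1"
}

# Classify a lockfile: prints "vulnerable", "ok" or "absent".
# A lockfile can resolve more than one version of a crate, so every
# recorded version is checked.
check_lockfile() {
    versions=$(rbpf_versions "$1")
    [ -n "$versions" ] || { echo absent; return 0; }
    for v in $versions; do
        case "$v" in
            0.2.26|0.2.27) echo vulnerable; return 0 ;;
        esac
    done
    echo ok
}

# Constructed sample lockfile (not taken from a real project).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[[package]]
name = "serde"
version = "1.0.0"

[[package]]
name = "solana_rbpf"
version = "0.2.27"
dependencies = [
 "byteorder",
]
EOF

echo "sample lockfile: $(check_lockfile "$sample")"
```
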

📡 Detection & Monitoring

Log Indicators:

  • Unexpected sdiv calculation errors
  • Smart contract execution failures
  • Validator consensus anomalies

Network Indicators:

  • Unusual token transfer patterns
  • Increased transaction failures

SIEM Query:

source="solana-validator.log" AND ("sdiv" OR "division" OR "calculation error")
