Vulnerability-Lookup

CVE-2022-50365 (GCVE-0-2022-50365)

Vulnerability from cvelistv5 – Published: 2025-09-17 14:56 – Updated: 2026-01-14 18:42

Title

skbuff: Account for tail adjustment during pull operations

Summary

In the Linux kernel, the following vulnerability has been resolved: skbuff: Account for tail adjustment during pull operations Extending the tail can have some unexpected side effects if a program uses a helper like BPF_FUNC_skb_pull_data to read partial content beyond the head skb headlen when all the skbs in the gso frag_list are linear with no head_frag - kernel BUG at net/core/skbuff.c:4219! pc : skb_segment+0xcf4/0xd2c lr : skb_segment+0x63c/0xd2c Call trace: skb_segment+0xcf4/0xd2c __udp_gso_segment+0xa4/0x544 udp4_ufo_fragment+0x184/0x1c0 inet_gso_segment+0x16c/0x3a4 skb_mac_gso_segment+0xd4/0x1b0 __skb_gso_segment+0xcc/0x12c udp_rcv_segment+0x54/0x16c udp_queue_rcv_skb+0x78/0x144 udp_unicast_rcv_skb+0x8c/0xa4 __udp4_lib_rcv+0x490/0x68c udp_rcv+0x20/0x30 ip_protocol_deliver_rcu+0x1b0/0x33c ip_local_deliver+0xd8/0x1f0 ip_rcv+0x98/0x1a4 deliver_ptype_list_skb+0x98/0x1ec __netif_receive_skb_core+0x978/0xc60 Fix this by marking these skbs as GSO_DODGY so segmentation can handle the tail updates accordingly.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/ff3743d00f41d803e…
	https://git.kernel.org/stable/c/6ac417d71b80e74b0…
	https://git.kernel.org/stable/c/2d59f0ca153e9573e…
	https://git.kernel.org/stable/c/668dc454bcbd1da73…
	https://git.kernel.org/stable/c/821be5a5ab09a40ba…
	https://git.kernel.org/stable/c/8fb773eed4909ef5d…
	https://git.kernel.org/stable/c/946dd5dc4fcc4123c…
	https://git.kernel.org/stable/c/331615d837f4979eb…
	https://git.kernel.org/stable/c/2d7afdcbc9d32423f…

Impacted products

Vendor

Product

Version

Linux

Affected: 162a5a8c3aff15c449e6b38355cdf80ab4f77a5a , < ff3743d00f41d803e6ab9334962b674f3b7fd0cb (git)
Affected: 55fb612bef7fd237fb70068e2b6ff1cd1543a8ef , < 6ac417d71b80e74b002313fcd73f7e9008e8e457 (git)
Affected: 821302dd0c51d29269ef73a595bdff294419e2cd , < 2d59f0ca153e9573ec4f140988c0ccca0eb4181b (git)
Affected: 3dcbdb134f329842a38f0e6797191b885ab00a00 , < 668dc454bcbd1da73605201ff43f988c70848215 (git)
Affected: 3dcbdb134f329842a38f0e6797191b885ab00a00 , < 821be5a5ab09a40ba09cb5ba354f18cf7996fea0 (git)
Affected: 3dcbdb134f329842a38f0e6797191b885ab00a00 , < 8fb773eed4909ef5dc1bbeb3629a337d3336df7e (git)
Affected: 3dcbdb134f329842a38f0e6797191b885ab00a00 , < 946dd5dc4fcc4123cdfe3942b20012c4448cf89a (git)
Affected: 3dcbdb134f329842a38f0e6797191b885ab00a00 , < 331615d837f4979eb91a336a223a5c7f7886ecd5 (git)
Affected: 3dcbdb134f329842a38f0e6797191b885ab00a00 , < 2d7afdcbc9d32423f177ee12b7c93783aea338fb (git)
Affected: 92984818ff8cfd97311a5e0ac27f148a00df2b54 (git)

Linux

Affected: 5.3
Unaffected: 0 , < 5.3 (semver)
Unaffected: 4.9.337 , ≤ 4.9.* (semver)
Unaffected: 4.14.303 , ≤ 4.14.* (semver)
Unaffected: 4.19.270 , ≤ 4.19.* (semver)
Unaffected: 5.4.229 , ≤ 5.4.* (semver)
Unaffected: 5.10.163 , ≤ 5.10.* (semver)
Unaffected: 5.15.86 , ≤ 5.15.* (semver)
Unaffected: 6.0.16 , ≤ 6.0.* (semver)
Unaffected: 6.1.2 , ≤ 6.1.* (semver)
Unaffected: 6.2 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-50365",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-14T18:34:36.825803Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-14T18:42:58.912Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/core/skbuff.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ff3743d00f41d803e6ab9334962b674f3b7fd0cb",
              "status": "affected",
              "version": "162a5a8c3aff15c449e6b38355cdf80ab4f77a5a",
              "versionType": "git"
            },
            {
              "lessThan": "6ac417d71b80e74b002313fcd73f7e9008e8e457",
              "status": "affected",
              "version": "55fb612bef7fd237fb70068e2b6ff1cd1543a8ef",
              "versionType": "git"
            },
            {
              "lessThan": "2d59f0ca153e9573ec4f140988c0ccca0eb4181b",
              "status": "affected",
              "version": "821302dd0c51d29269ef73a595bdff294419e2cd",
              "versionType": "git"
            },
            {
              "lessThan": "668dc454bcbd1da73605201ff43f988c70848215",
              "status": "affected",
              "version": "3dcbdb134f329842a38f0e6797191b885ab00a00",
              "versionType": "git"
            },
            {
              "lessThan": "821be5a5ab09a40ba09cb5ba354f18cf7996fea0",
              "status": "affected",
              "version": "3dcbdb134f329842a38f0e6797191b885ab00a00",
              "versionType": "git"
            },
            {
              "lessThan": "8fb773eed4909ef5dc1bbeb3629a337d3336df7e",
              "status": "affected",
              "version": "3dcbdb134f329842a38f0e6797191b885ab00a00",
              "versionType": "git"
            },
            {
              "lessThan": "946dd5dc4fcc4123cdfe3942b20012c4448cf89a",
              "status": "affected",
              "version": "3dcbdb134f329842a38f0e6797191b885ab00a00",
              "versionType": "git"
            },
            {
              "lessThan": "331615d837f4979eb91a336a223a5c7f7886ecd5",
              "status": "affected",
              "version": "3dcbdb134f329842a38f0e6797191b885ab00a00",
              "versionType": "git"
            },
            {
              "lessThan": "2d7afdcbc9d32423f177ee12b7c93783aea338fb",
              "status": "affected",
              "version": "3dcbdb134f329842a38f0e6797191b885ab00a00",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "92984818ff8cfd97311a5e0ac27f148a00df2b54",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/core/skbuff.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.3"
            },
            {
              "lessThan": "5.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.337",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.303",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.270",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.229",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.86",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.*",
              "status": "unaffected",
              "version": "6.0.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.2",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.9.337",
                  "versionStartIncluding": "4.9.194",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.303",
                  "versionStartIncluding": "4.14.145",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.270",
                  "versionStartIncluding": "4.19.74",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.229",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.163",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.86",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.16",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.2",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.2.16",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nskbuff: Account for tail adjustment during pull operations\n\nExtending the tail can have some unexpected side effects if a program uses\na helper like BPF_FUNC_skb_pull_data to read partial content beyond the\nhead skb headlen when all the skbs in the gso frag_list are linear with no\nhead_frag -\n\n  kernel BUG at net/core/skbuff.c:4219!\n  pc : skb_segment+0xcf4/0xd2c\n  lr : skb_segment+0x63c/0xd2c\n  Call trace:\n   skb_segment+0xcf4/0xd2c\n   __udp_gso_segment+0xa4/0x544\n   udp4_ufo_fragment+0x184/0x1c0\n   inet_gso_segment+0x16c/0x3a4\n   skb_mac_gso_segment+0xd4/0x1b0\n   __skb_gso_segment+0xcc/0x12c\n   udp_rcv_segment+0x54/0x16c\n   udp_queue_rcv_skb+0x78/0x144\n   udp_unicast_rcv_skb+0x8c/0xa4\n   __udp4_lib_rcv+0x490/0x68c\n   udp_rcv+0x20/0x30\n   ip_protocol_deliver_rcu+0x1b0/0x33c\n   ip_local_deliver+0xd8/0x1f0\n   ip_rcv+0x98/0x1a4\n   deliver_ptype_list_skb+0x98/0x1ec\n   __netif_receive_skb_core+0x978/0xc60\n\nFix this by marking these skbs as GSO_DODGY so segmentation can handle\nthe tail updates accordingly."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-17T14:56:16.648Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ff3743d00f41d803e6ab9334962b674f3b7fd0cb"
        },
        {
          "url": "https://git.kernel.org/stable/c/6ac417d71b80e74b002313fcd73f7e9008e8e457"
        },
        {
          "url": "https://git.kernel.org/stable/c/2d59f0ca153e9573ec4f140988c0ccca0eb4181b"
        },
        {
          "url": "https://git.kernel.org/stable/c/668dc454bcbd1da73605201ff43f988c70848215"
        },
        {
          "url": "https://git.kernel.org/stable/c/821be5a5ab09a40ba09cb5ba354f18cf7996fea0"
        },
        {
          "url": "https://git.kernel.org/stable/c/8fb773eed4909ef5dc1bbeb3629a337d3336df7e"
        },
        {
          "url": "https://git.kernel.org/stable/c/946dd5dc4fcc4123cdfe3942b20012c4448cf89a"
        },
        {
          "url": "https://git.kernel.org/stable/c/331615d837f4979eb91a336a223a5c7f7886ecd5"
        },
        {
          "url": "https://git.kernel.org/stable/c/2d7afdcbc9d32423f177ee12b7c93783aea338fb"
        }
      ],
      "title": "skbuff: Account for tail adjustment during pull operations",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-50365",
    "datePublished": "2025-09-17T14:56:16.648Z",
    "dateReserved": "2025-09-17T14:53:06.995Z",
    "dateUpdated": "2026-01-14T18:42:58.912Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-50365\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-09-17T15:15:35.343\",\"lastModified\":\"2026-01-14T19:16:09.230\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nskbuff: Account for tail adjustment during pull operations\\n\\nExtending the tail can have some unexpected side effects if a program uses\\na helper like BPF_FUNC_skb_pull_data to read partial content beyond the\\nhead skb headlen when all the skbs in the gso frag_list are linear with no\\nhead_frag -\\n\\n  kernel BUG at net/core/skbuff.c:4219!\\n  pc : skb_segment+0xcf4/0xd2c\\n  lr : skb_segment+0x63c/0xd2c\\n  Call trace:\\n   skb_segment+0xcf4/0xd2c\\n   __udp_gso_segment+0xa4/0x544\\n   udp4_ufo_fragment+0x184/0x1c0\\n   inet_gso_segment+0x16c/0x3a4\\n   skb_mac_gso_segment+0xd4/0x1b0\\n   __skb_gso_segment+0xcc/0x12c\\n   udp_rcv_segment+0x54/0x16c\\n   udp_queue_rcv_skb+0x78/0x144\\n   udp_unicast_rcv_skb+0x8c/0xa4\\n   __udp4_lib_rcv+0x490/0x68c\\n   udp_rcv+0x20/0x30\\n   ip_protocol_deliver_rcu+0x1b0/0x33c\\n   ip_local_deliver+0xd8/0x1f0\\n   ip_rcv+0x98/0x1a4\\n   deliver_ptype_list_skb+0x98/0x1ec\\n   __netif_receive_skb_core+0x978/0xc60\\n\\nFix this by marking these skbs as GSO_DODGY so segmentation can handle\\nthe tail updates accordingly.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.9.194\",\"versionEndExcluding\":\"4.9.337\",\"matchCriteriaId\":\"020BB876-C6AE-4582-A743-C7FB8D7A76D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.14.145\",\"versionEndExcluding\":\"4.14.303\",\"matchCriteriaId\":\"06F68D31-6E03-46F0-9766-08004ED46454\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.19.74\",\"versionEndExcluding\":\"4.19.270\",\"matchCriteriaId\":\"5C5105F9-E0B2-402D-B397-0AC3D8B0CB42\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.2.16\",\"versionEndExcluding\":\"5.3\",\"matchCriteriaId\":\"80972733-27F6-4503-8FB4-9B50F584F1CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.3.1\",\"versionEndExcluding\":\"5.4.229\",\"matchCriteriaId\":\"5F94E269-402E-4F4D-9A7A-62EB908B4BD7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.10.163\",\"matchCriteriaId\":\"D05D31FC-BD74-4F9E-B1D8-9CED62BE6F65\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.86\",\"matchCriteriaId\":\"47237296-55D1-4ED4-8075-D00FC85A61EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.0.16\",\"matchCriteriaId\":\"C720A569-3D93-4D77-95F6-E2B3A3267D9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.1\",\"versionEndExcluding\":\"6.1.2\",\"matchCriteriaId\":\"77239F4B-6BB2-4B9E-A654-36A52396116C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.3:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"D036D76E-AC69-4382-B4C1-8EDA1ABB2941\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/2d59f0ca153e9573ec4f140988c0ccca0eb4181b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/2d7afdcbc9d32423f177ee12b7c93783aea338fb\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/331615d837f4979eb91a336a223a5c7f7886ecd5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/668dc454bcbd1da73605201ff43f988c70848215\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/6ac417d71b80e74b002313fcd73f7e9008e8e457\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/821be5a5ab09a40ba09cb5ba354f18cf7996fea0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/8fb773eed4909ef5dc1bbeb3629a337d3336df7e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/946dd5dc4fcc4123cdfe3942b20012c4448cf89a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/ff3743d00f41d803e6ab9334962b674f3b7fd0cb\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-50365\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-14T18:34:36.825803Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"description\": \"CWE-noinfo Not enough information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-14T18:34:31.771Z\"}}], \"cna\": {\"title\": \"skbuff: Account for tail adjustment during pull operations\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"162a5a8c3aff15c449e6b38355cdf80ab4f77a5a\", \"lessThan\": \"ff3743d00f41d803e6ab9334962b674f3b7fd0cb\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"55fb612bef7fd237fb70068e2b6ff1cd1543a8ef\", \"lessThan\": \"6ac417d71b80e74b002313fcd73f7e9008e8e457\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"821302dd0c51d29269ef73a595bdff294419e2cd\", \"lessThan\": \"2d59f0ca153e9573ec4f140988c0ccca0eb4181b\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"3dcbdb134f329842a38f0e6797191b885ab00a00\", \"lessThan\": \"668dc454bcbd1da73605201ff43f988c70848215\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"3dcbdb134f329842a38f0e6797191b885ab00a00\", \"lessThan\": \"821be5a5ab09a40ba09cb5ba354f18cf7996fea0\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"3dcbdb134f329842a38f0e6797191b885ab00a00\", \"lessThan\": \"8fb773eed4909ef5dc1bbeb3629a337d3336df7e\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"3dcbdb134f329842a38f0e6797191b885ab00a00\", \"lessThan\": \"946dd5dc4fcc4123cdfe3942b20012c4448cf89a\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"3dcbdb134f329842a38f0e6797191b885ab00a00\", \"lessThan\": \"331615d837f4979eb91a336a223a5c7f7886ecd5\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"3dcbdb134f329842a38f0e6797191b885ab00a00\", \"lessThan\": \"2d7afdcbc9d32423f177ee12b7c93783aea338fb\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"92984818ff8cfd97311a5e0ac27f148a00df2b54\", \"versionType\": \"git\"}], \"programFiles\": [\"net/core/skbuff.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.3\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"5.3\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"4.9.337\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.9.*\"}, {\"status\": \"unaffected\", \"version\": \"4.14.303\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.14.*\"}, {\"status\": \"unaffected\", \"version\": \"4.19.270\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.19.*\"}, {\"status\": \"unaffected\", \"version\": \"5.4.229\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.4.*\"}, {\"status\": \"unaffected\", \"version\": \"5.10.163\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.15.86\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"6.0.16\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.0.*\"}, {\"status\": \"unaffected\", \"version\": \"6.1.2\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.*\"}, {\"status\": \"unaffected\", \"version\": \"6.2\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"net/core/skbuff.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/ff3743d00f41d803e6ab9334962b674f3b7fd0cb\"}, {\"url\": \"https://git.kernel.org/stable/c/6ac417d71b80e74b002313fcd73f7e9008e8e457\"}, {\"url\": \"https://git.kernel.org/stable/c/2d59f0ca153e9573ec4f140988c0ccca0eb4181b\"}, {\"url\": \"https://git.kernel.org/stable/c/668dc454bcbd1da73605201ff43f988c70848215\"}, {\"url\": \"https://git.kernel.org/stable/c/821be5a5ab09a40ba09cb5ba354f18cf7996fea0\"}, {\"url\": \"https://git.kernel.org/stable/c/8fb773eed4909ef5dc1bbeb3629a337d3336df7e\"}, {\"url\": \"https://git.kernel.org/stable/c/946dd5dc4fcc4123cdfe3942b20012c4448cf89a\"}, {\"url\": \"https://git.kernel.org/stable/c/331615d837f4979eb91a336a223a5c7f7886ecd5\"}, {\"url\": \"https://git.kernel.org/stable/c/2d7afdcbc9d32423f177ee12b7c93783aea338fb\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nskbuff: Account for tail adjustment during pull operations\\n\\nExtending the tail can have some unexpected side effects if a program uses\\na helper like BPF_FUNC_skb_pull_data to read partial content beyond the\\nhead skb headlen when all the skbs in the gso frag_list are linear with no\\nhead_frag -\\n\\n  kernel BUG at net/core/skbuff.c:4219!\\n  pc : skb_segment+0xcf4/0xd2c\\n  lr : skb_segment+0x63c/0xd2c\\n  Call trace:\\n   skb_segment+0xcf4/0xd2c\\n   __udp_gso_segment+0xa4/0x544\\n   udp4_ufo_fragment+0x184/0x1c0\\n   inet_gso_segment+0x16c/0x3a4\\n   skb_mac_gso_segment+0xd4/0x1b0\\n   __skb_gso_segment+0xcc/0x12c\\n   udp_rcv_segment+0x54/0x16c\\n   udp_queue_rcv_skb+0x78/0x144\\n   udp_unicast_rcv_skb+0x8c/0xa4\\n   __udp4_lib_rcv+0x490/0x68c\\n   udp_rcv+0x20/0x30\\n   ip_protocol_deliver_rcu+0x1b0/0x33c\\n   ip_local_deliver+0xd8/0x1f0\\n   ip_rcv+0x98/0x1a4\\n   deliver_ptype_list_skb+0x98/0x1ec\\n   __netif_receive_skb_core+0x978/0xc60\\n\\nFix this by marking these skbs as GSO_DODGY so segmentation can handle\\nthe tail updates accordingly.\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.9.337\", \"versionStartIncluding\": \"4.9.194\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.14.303\", \"versionStartIncluding\": \"4.14.145\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.19.270\", \"versionStartIncluding\": \"4.19.74\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.4.229\", \"versionStartIncluding\": \"5.3\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.10.163\", \"versionStartIncluding\": \"5.3\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.15.86\", \"versionStartIncluding\": \"5.3\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.0.16\", \"versionStartIncluding\": \"5.3\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.1.2\", \"versionStartIncluding\": \"5.3\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.2\", \"versionStartIncluding\": \"5.3\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"5.2.16\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2025-09-17T14:56:16.648Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-50365\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-14T18:42:58.912Z\", \"dateReserved\": \"2025-09-17T14:53:06.995Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2025-09-17T14:56:16.648Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

WID-SEC-W-2025-2087

Vulnerability from csaf_certbund - Published: 2025-09-17 22:00 - Updated: 2026-01-21 23:00

Summary

Linux Kernel: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff: Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen oder nicht näher beschriebene Auswirkungen zu erzielen.

Betroffene Betriebssysteme: - Linux

CVE-2022-50353

CVE-2022-50354

CVE-2022-50355

CVE-2022-50356

CVE-2022-50357

CVE-2022-50358

CVE-2022-50359

CVE-2022-50360

CVE-2022-50361

CVE-2022-50362

CVE-2022-50363

CVE-2022-50364

CVE-2022-50365

CVE-2022-50366

CVE-2022-50367

CVE-2022-50368

CVE-2022-50369

CVE-2022-50370

CVE-2022-50371

CVE-2022-50372

CVE-2022-50373

CVE-2022-50374

CVE-2023-53335

CVE-2023-53336

CVE-2023-53337

CVE-2023-53338

CVE-2023-53339

CVE-2023-53340

CVE-2023-53341

CVE-2023-53342

CVE-2023-53343

CVE-2023-53344

CVE-2023-53345

CVE-2023-53346

CVE-2023-53347

CVE-2023-53348

CVE-2023-53349

CVE-2023-53350

CVE-2023-53351

CVE-2023-53352

CVE-2023-53353

CVE-2023-53354

CVE-2023-53355

CVE-2023-53356

CVE-2023-53357

CVE-2023-53358

CVE-2023-53359

CVE-2023-53360

CVE-2023-53361

CVE-2023-53362

CVE-2023-53363

CVE-2023-53364

CVE-2023-53365

CVE-2023-53366

CVE-2023-53367

CVE-2023-53368

References

URL

FKIE_CVE-2022-50365

Vulnerability from fkie_nvd - Published: 2025-09-17 15:15 - Updated: 2026-01-14 19:16

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/2d59f0ca153e9573ec4f140988c0ccca0eb4181b	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/2d7afdcbc9d32423f177ee12b7c93783aea338fb	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/331615d837f4979eb91a336a223a5c7f7886ecd5	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/668dc454bcbd1da73605201ff43f988c70848215	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/6ac417d71b80e74b002313fcd73f7e9008e8e457	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/821be5a5ab09a40ba09cb5ba354f18cf7996fea0	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/8fb773eed4909ef5dc1bbeb3629a337d3336df7e	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/946dd5dc4fcc4123cdfe3942b20012c4448cf89a	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/ff3743d00f41d803e6ab9334962b674f3b7fd0cb	Patch

Impacted products

Vendor	Product	Version
linux	linux_kernel	*
linux	linux_kernel	*
linux	linux_kernel	*
linux	linux_kernel	*
linux	linux_kernel	*
linux	linux_kernel	*
linux	linux_kernel	*
linux	linux_kernel	*
linux	linux_kernel	*
linux	linux_kernel	5.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "020BB876-C6AE-4582-A743-C7FB8D7A76D0",
              "versionEndExcluding": "4.9.337",
              "versionStartIncluding": "4.9.194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "06F68D31-6E03-46F0-9766-08004ED46454",
              "versionEndExcluding": "4.14.303",
              "versionStartIncluding": "4.14.145",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C5105F9-E0B2-402D-B397-0AC3D8B0CB42",
              "versionEndExcluding": "4.19.270",
              "versionStartIncluding": "4.19.74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "80972733-27F6-4503-8FB4-9B50F584F1CA",
              "versionEndExcluding": "5.3",
              "versionStartIncluding": "5.2.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F94E269-402E-4F4D-9A7A-62EB908B4BD7",
              "versionEndExcluding": "5.4.229",
              "versionStartIncluding": "5.3.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D05D31FC-BD74-4F9E-B1D8-9CED62BE6F65",
              "versionEndExcluding": "5.10.163",
              "versionStartIncluding": "5.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "47237296-55D1-4ED4-8075-D00FC85A61EE",
              "versionEndExcluding": "5.15.86",
              "versionStartIncluding": "5.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C720A569-3D93-4D77-95F6-E2B3A3267D9F",
              "versionEndExcluding": "6.0.16",
              "versionStartIncluding": "5.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "77239F4B-6BB2-4B9E-A654-36A52396116C",
              "versionEndExcluding": "6.1.2",
              "versionStartIncluding": "6.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:5.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "D036D76E-AC69-4382-B4C1-8EDA1ABB2941",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nskbuff: Account for tail adjustment during pull operations\n\nExtending the tail can have some unexpected side effects if a program uses\na helper like BPF_FUNC_skb_pull_data to read partial content beyond the\nhead skb headlen when all the skbs in the gso frag_list are linear with no\nhead_frag -\n\n  kernel BUG at net/core/skbuff.c:4219!\n  pc : skb_segment+0xcf4/0xd2c\n  lr : skb_segment+0x63c/0xd2c\n  Call trace:\n   skb_segment+0xcf4/0xd2c\n   __udp_gso_segment+0xa4/0x544\n   udp4_ufo_fragment+0x184/0x1c0\n   inet_gso_segment+0x16c/0x3a4\n   skb_mac_gso_segment+0xd4/0x1b0\n   __skb_gso_segment+0xcc/0x12c\n   udp_rcv_segment+0x54/0x16c\n   udp_queue_rcv_skb+0x78/0x144\n   udp_unicast_rcv_skb+0x8c/0xa4\n   __udp4_lib_rcv+0x490/0x68c\n   udp_rcv+0x20/0x30\n   ip_protocol_deliver_rcu+0x1b0/0x33c\n   ip_local_deliver+0xd8/0x1f0\n   ip_rcv+0x98/0x1a4\n   deliver_ptype_list_skb+0x98/0x1ec\n   __netif_receive_skb_core+0x978/0xc60\n\nFix this by marking these skbs as GSO_DODGY so segmentation can handle\nthe tail updates accordingly."
    }
  ],
  "id": "CVE-2022-50365",
  "lastModified": "2026-01-14T19:16:09.230",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-09-17T15:15:35.343",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/2d59f0ca153e9573ec4f140988c0ccca0eb4181b"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/2d7afdcbc9d32423f177ee12b7c93783aea338fb"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/331615d837f4979eb91a336a223a5c7f7886ecd5"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/668dc454bcbd1da73605201ff43f988c70848215"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/6ac417d71b80e74b002313fcd73f7e9008e8e457"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/821be5a5ab09a40ba09cb5ba354f18cf7996fea0"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/8fb773eed4909ef5dc1bbeb3629a337d3336df7e"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/946dd5dc4fcc4123cdfe3942b20012c4448cf89a"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/ff3743d00f41d803e6ab9334962b674f3b7fd0cb"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

SUSE-SU-2025:03614-1

Vulnerability from csaf_suse - Published: 2025-10-16 05:48 - Updated: 2025-10-16 05:48

Summary

Security update for the Linux Kernel

Severity

Important

Notes

Title of the patch: Security update for the Linux Kernel

Description of the patch: The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-50233: Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name} (bsc#1246968). - CVE-2022-50242: drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init() (bsc#1249696). - CVE-2022-50244: cxl: fix possible null-ptr-deref in cxl_pci_init_afu|adapter() (bsc#1249647). - CVE-2022-50252: igb: Do not free q_vector unless new one was allocated (bsc#1249846). - CVE-2022-50258: wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() (bsc#1249947). - CVE-2022-50265: kcm: annotate data-races around kcm->rx_wait (bsc#1249744). - CVE-2022-50278: PNP: fix name memory leak in pnp_alloc_dev() (bsc#1249715). - CVE-2022-50285: mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages (bsc#1249803). - CVE-2022-50288: qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure (bsc#1249802). - CVE-2022-50291: kcm: annotate data-races around kcm->rx_psock (bsc#1249798). - CVE-2022-50294: wifi: libertas: fix memory leak in lbs_init_adapter() (bsc#1249799). - CVE-2022-50297: wifi: ath9k: verify the expected usb_endpoints are present (bsc#1250250). - CVE-2022-50304: mm: export bdi_unregister (bsc#1249725). - CVE-2022-50311: cxl: Fix refcount leak in cxl_calc_capp_routing (bsc#1249720). - CVE-2022-50312: drivers: serial: jsm: fix some leaks in probe (bsc#1249716). - CVE-2022-50321: wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit() (bsc#1249706). - CVE-2022-50330: crypto: cavium - prevent integer overflow loading firmware (bsc#1249700). - CVE-2022-50349: misc: tifm: fix possible memory leak in tifm_7xx1_switch_media() (bsc#1249920). - CVE-2022-50352: net: hns: fix possible memory leak in hnae_ae_register() (bsc#1249922). - CVE-2022-50359: media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (bsc#1250269). - CVE-2022-50365: skbuff: Account for tail adjustment during pull operations (bsc#1250084). - CVE-2022-50375: tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown (bsc#1250132). - CVE-2022-50386: Bluetooth: L2CAP: Fix user-after-free (bsc#1250301). - CVE-2022-50396: net: sched: fix memory leak in tcindex_set_parms (bsc#1250104). - CVE-2022-50402: drivers/md/md-bitmap: check the return value of md_bitmap_get_counter() (bsc#1250363). - CVE-2022-50405: net/tunnel: wait until all sk_user_data reader finish before releasing the sock (bsc#1250155). - CVE-2022-50406: iomap: iomap: fix memory corruption when recording errors during writeback (bsc#1250165). - CVE-2022-50408: wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (bsc#1250391). - CVE-2022-50409: net: If sock is dead do not access sock's sk_wq in sk_stream_wait_memory (bsc#1250392). - CVE-2022-50419: Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (bsc#1250394). - CVE-2023-53148: igb: Do not bring the device up after non-fatal error (bsc#1249842). - CVE-2023-53153: wifi: cfg80211: Partial revert 'wifi: cfg80211: Fix use after free for wext' (bsc#1249877). - CVE-2023-53176: serial: 8250: Fix oops for port->pm on uart_change_pm() (bsc#1249991). - CVE-2023-53178: mm: zswap: fix missing folio cleanup in writeback race path (bsc#1249827 git-fix). - CVE-2023-53199: wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails (bsc#1249683). - CVE-2023-53201: RDMA/bnxt_re: wraparound mbox producer index (bsc#1249687). - CVE-2023-53226: wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (bsc#1249658). - CVE-2023-53248: drm/amdgpu: install stub fence into potential unused fence pointers (bsc#1249779). - CVE-2023-53254: drivers: base: cacheinfo: Fix shared_cpu_map changes in event of CPU hotplug (bsc#1249871). - CVE-2023-53272: net: ena: fix shift-out-of-bounds in exponential backoff (bsc#1249917). - CVE-2023-53277: wifi: iwl3945: Add missing check for create_singlethread_workqueue (bsc#1249936). - CVE-2023-53288: drm/client: Fix memory leak in drm_client_modeset_probe (bsc#1250058). - CVE-2023-53298: nfc: fix memory leak of se_io context in nfc_genl_se_io (bsc#1249944). - CVE-2023-53302: wifi: iwl4965: Add missing check for create_singlethread_workqueue() (bsc#1249958). - CVE-2023-53305: Bluetooth: L2CAP: Fix use-after-free (bsc#1250049). - CVE-2023-53309: drm/radeon: Fix integer overflow in radeon_cs_parser_init (bsc#1250055). - CVE-2023-53317: ext4: fix WARNING in mb_find_extent (bsc#1250081). - CVE-2023-53321: wifi: mac80211_hwsim: drop short frames (bsc#1250313). - CVE-2023-53335: RDMA/cxgb4: Fix potential null-ptr-deref in pass_establish() (bsc#1250072). - CVE-2023-53344: can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write (bsc#1250023). - CVE-2023-53348: btrfs: fix deadlock when aborting transaction during relocation with scrub (bsc#1250018). - CVE-2023-53365: ip6mr: Fix skb_under_panic in ip6mr_cache_report() (bsc#1249988). - CVE-2023-53384: wifi: mwifiex: avoid possible NULL skb pointer dereference (bsc#1250127). - CVE-2023-53393: RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device (bsc#1250114). - CVE-2023-53395: ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer (bsc#1250358). - CVE-2023-53397: modpost: fix off by one in is_executable_section() (bsc#1250125). - CVE-2023-53400: ALSA: hda: Fix Oops by 9.1 surround channel names (bsc#1250328). - CVE-2023-53438: x86/MCE: Always save CS register on AMD Zen IF Poison errors (bsc#1250180). - CVE-2023-53441: bpf: cpumap: Fix memory leak in cpu_map_update_elem (bsc#1250150). - CVE-2024-53194: PCI: Fix use-after-free of slot->bus on hot remove (bsc#1235459). - CVE-2024-58240: tls: separate no-async decryption request handling from async (bsc#1248847). - CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239). - CVE-2025-38527: smb: client: fix use-after-free in cifs_oplock_break (bsc#1248199). - CVE-2025-38553: net/sched: Restrict conditions for adding duplicating netems to qdisc tree (bsc#1248255). - CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248399). - CVE-2025-38574: pptp: ensure minimal skb length in pptp_xmit() (bsc#1248365). - CVE-2025-38602: wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start() (bsc#1248341). - CVE-2025-38604: wifi: rtl818x: Kill URBs before clearing tx status queue (bsc#1248333). - CVE-2025-38623: PCI: pnv_php: Fix surprise plug detection and recovery (bsc#1248610). - CVE-2025-38624: PCI: pnv_php: Clean up allocated IRQs on unplug (bsc#1248617). - CVE-2025-38632: pinmux: fix race causing mux_owner NULL with active mux_usecount (bsc#1248669). - CVE-2025-38639: netfilter: xt_nfacct: do not assume acct name is null-terminated (bsc#1248674). - CVE-2025-38665: can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode (bsc#1248648). - CVE-2025-38685: fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (bsc#1249220). - CVE-2025-38701: ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr (bsc#1249258). - CVE-2025-38702: fbdev: fix potential buffer overflow in do_register_framebuffer() (bsc#1249254). - CVE-2025-38705: drm/amd/pm: fix null pointer access (bsc#1249334). - CVE-2025-38712: hfsplus: do not use BUG_ON() in hfsplus_create_attributes_file() (bsc#1249194). - CVE-2025-38713: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (bsc#1249200). - CVE-2025-38729: ALSA: usb-audio: Validate UAC3 power domain descriptors, too (bsc#1249164). - CVE-2025-38735: gve: prevent ethtool ops after shutdown (bsc#1249288). - CVE-2025-39677: net/sched: Fix backlog accounting in qdisc_dequeue_internal (bsc#1249300). - CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374). - CVE-2025-39705: drm/amd/display: fix a Null pointer dereference vulnerability (bsc#1249295). - CVE-2025-39706: drm/amdkfd: Destroy KFD debugfs after destroy KFD wq (bsc#1249413). - CVE-2025-39726: s390/ism: fix concurrency management in ism_cmd() (bsc#1249266). - CVE-2025-39751: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (bsc#1249538). - CVE-2025-39754: mm/smaps: fix race between smaps_hugetlb_range and migration (bsc#1249524). - CVE-2025-39757: ALSA: usb-audio: Fix size validation in convert_chmap_v3() (bsc#1249515). - CVE-2025-39760: usb: core: config: Prevent OOB read in SS endpoint companion parsing (bsc#1249598). - CVE-2025-39763: ACPICA: Fix error code path in acpi_ds_call_control_method() (bsc#1249615). - CVE-2025-39764: netfilter: ctnetlink: remove refcounting in expectation dumpers (bsc#1249513). - CVE-2025-39773: net: bridge: fix soft lockup in br_multicast_query_expired() (bsc#1249504). - CVE-2025-39782: jbd2: prevent softlockup in jbd2_log_do_checkpoint() (bsc#1249526). - CVE-2025-39787: soc: qcom: mdt_loader: Deal with zero e_shentsize (bsc#1249545). - CVE-2025-39800: btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() (bsc#1250177). - CVE-2025-39808: HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() (bsc#1250088). - CVE-2025-39824: HID: asus: fix UAF via HID_CLAIMED_INPUT validation (bsc#1250007). - CVE-2025-39833: mISDN: hfcpci: Fix warning when deleting uninitialized timer (bsc#1250028). - CVE-2025-39838: cifs: prevent NULL pointer dereference in UTF16 conversion (bsc#1250365). - CVE-2025-39847: ppp: fix memory leak in pad_compress_skb (bsc#1250292). - CVE-2025-39853: i40e: Fix potential invalid access when MAC list is empty (bsc#1250275). - CVE-2025-39860: Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (bsc#1250247). - CVE-2025-39863: wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work (bsc#1250281). - CVE-2025-39865: tee: fix NULL pointer dereference in tee_shm_put (bsc#1250294). - CVE-2025-39869: dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (bsc#1250406). - CVE-2025-39885: ocfs2: fix recursive semaphore deadlock in fiemap call (bsc#1250407). - CVE-2025-40300: x86/vmscape: Warn when STIBP is disabled with SMT (bsc#1247483). The following non-security bugs were fixed: - Bluetooth: hci_core: Fix calling mgmt_device_connected (git-fixes). - CONFIG & no reference -> OK temporarily, must be resolved eventually - Do not self obsolete older kernel variants - Limit patch filenames to 100 characters (bsc#1249604). - build_bug.h: Add KABI assert (bsc#1249186). - build_bug.h: add wrapper for _Static_assert (bsc#1249186). - dma-buf: add dma_fence_get_stub (bsc#1249779) - kernel-binary: Another installation ordering fix (bsc#1241353). - kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522). - kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346). - l2tp: remove unused list_head member in l2tp_tunnel (git-fixes). - pptp: fix pptp_xmit() error path (git-fixes). - rpm: Configure KABI checkingness macro (bsc#1249186). - rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186). - rpm: Link arch-symbols script from scripts directory. - rpm: Link guards script from scripts directory. - tipc: improve function tipc_wait_for_cond() (bsc#1249037). - use uniform permission checks for all mount propagation changes (git-fixes). - x86/tsc: Append the 'tsc=' description for the 'tsc=unstable' boot parameter (git-fixes).

Patchnames: SUSE-2025-3614,SUSE-SLE-Live-Patching-12-SP5-2025-3614,SUSE-SLE-SERVER-12-SP5-LTSS-2025-3614,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-3614

CVE-2022-36280

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H