GHSA-XCCR-4P75-VP7C

Vulnerability from github – Published: 2025-12-24 12:30 – Updated: 2025-12-24 12:30
VLAI?
Details

In the Linux kernel, the following vulnerability has been resolved:

net/ieee802154: don't warn zero-sized raw_sendmsg()

syzbot is hitting skb_assert_len() warning at __dev_queue_xmit() [1], for PF_IEEE802154 socket's zero-sized raw_sendmsg() request is hitting __dev_queue_xmit() with skb->len == 0.

Since PF_IEEE802154 socket's zero-sized raw_sendmsg() request was able to return 0, don't call __dev_queue_xmit() if packet length is 0.

#include #include

int main(int argc, char *argv[]) { struct sockaddr_in addr = { .sin_family = AF_INET, .sin_addr.s_addr = htonl(INADDR_LOOPBACK) }; struct iovec iov = { }; struct msghdr hdr = { .msg_name = &addr, .msg_namelen = sizeof(addr), .msg_iov = &iov, .msg_iovlen = 1 }; sendmsg(socket(PF_IEEE802154, SOCK_RAW, 0), &hdr, 0); return 0; }

Note that this might be a sign that commit fd1894224407c484 ("bpf: Don't redirect packets with invalid pkt_len") should be reverted, for skb->len == 0 was acceptable for at least PF_IEEE802154 socket.

Show details on source website
To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2022-50706"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-24T11:15:50Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/ieee802154: don\u0027t warn zero-sized raw_sendmsg()\n\nsyzbot is hitting skb_assert_len() warning at __dev_queue_xmit() [1],\nfor PF_IEEE802154 socket\u0027s zero-sized raw_sendmsg() request is hitting\n__dev_queue_xmit() with skb-\u003elen == 0.\n\nSince PF_IEEE802154 socket\u0027s zero-sized raw_sendmsg() request was\nable to return 0, don\u0027t call __dev_queue_xmit() if packet length is 0.\n\n  ----------\n  #include \u003csys/socket.h\u003e\n  #include \u003cnetinet/in.h\u003e\n\n  int main(int argc, char *argv[])\n  {\n    struct sockaddr_in addr = { .sin_family = AF_INET, .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };\n    struct iovec iov = { };\n    struct msghdr hdr = { .msg_name = \u0026addr, .msg_namelen = sizeof(addr), .msg_iov = \u0026iov, .msg_iovlen = 1 };\n    sendmsg(socket(PF_IEEE802154, SOCK_RAW, 0), \u0026hdr, 0);\n    return 0;\n  }\n  ----------\n\nNote that this might be a sign that commit fd1894224407c484 (\"bpf: Don\u0027t\nredirect packets with invalid pkt_len\") should be reverted, for\nskb-\u003elen == 0 was acceptable for at least PF_IEEE802154 socket.",
  "id": "GHSA-xccr-4p75-vp7c",
  "modified": "2025-12-24T12:30:26Z",
  "published": "2025-12-24T12:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50706"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/34f31a2b667914ab701ca725554a0b447809d7ef"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4a36de8947794fa21435d1e916e089095f3246a8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/791489a5c56396ddfed75fc525066d4738dace46"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9974d220c5073d035b5469d1d8ecd71da86c7afd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b12e924a2f5b960373459c8f8a514f887adf5cac"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/df0da3fc131132b6c32a15c4da4ffa3a5aea1af2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.