CVE-2022-50356

EPSS 0.02%
Veröffentlicht 17.09.2025 14:56:09
Zuletzt bearbeitet 18.09.2025 13:43:34
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

net: sched: sfb: fix null pointer access issue when sfb_init() fails

When the default qdisc is sfb, if the qdisc of dev_queue fails to be
inited during mqprio_init(), sfb_reset() is invoked to clear resources.
In this case, the q->qdisc is NULL, and it will cause gpf issue.

The process is as follows:
qdisc_create_dflt()
	sfb_init()
		tcf_block_get()          --->failed, q->qdisc is NULL
	...
	qdisc_put()
		...
		sfb_reset()
			qdisc_reset(q->qdisc)    --->q->qdisc is NULL
				ops = qdisc->ops

The following is the Call Trace information:
general protection fault, probably for non-canonical address
0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]
RIP: 0010:qdisc_reset+0x2b/0x6f0
Call Trace:
<TASK>
sfb_reset+0x37/0xd0
qdisc_reset+0xed/0x6f0
qdisc_destroy+0x82/0x4c0
qdisc_put+0x9e/0xb0
qdisc_create_dflt+0x2c3/0x4a0
mqprio_init+0xa71/0x1760
qdisc_create+0x3eb/0x1000
tc_modify_qdisc+0x408/0x1720
rtnetlink_rcv_msg+0x38e/0xac0
netlink_rcv_skb+0x12d/0x3a0
netlink_unicast+0x4a2/0x740
netlink_sendmsg+0x826/0xcc0
sock_sendmsg+0xc5/0x100
____sys_sendmsg+0x583/0x690
___sys_sendmsg+0xe8/0x160
__sys_sendmsg+0xbf/0x160
do_syscall_64+0x35/0x80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
RIP: 0033:0x7f2164122d04
</TASK>

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < ded86c4191a3c17f8200d17a7d8a6f63b74554ae

Version e13e02a3c68d899169c78d9a18689bd73491d59a

Status affected

Version < c2e1e59d59fafe297779ceae1fe0e6fbebc3e745

Version e13e02a3c68d899169c78d9a18689bd73491d59a

Status affected

Version < 723399af2795fb95687a531c9480464b5f489333

Version e13e02a3c68d899169c78d9a18689bd73491d59a

Status affected

Version < 2a3fc78210b9f0e85372a2435368962009f480fc

Version e13e02a3c68d899169c78d9a18689bd73491d59a

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 2.6.39

Status affected

Version < 2.6.39

Version 0

Status unaffected

Version <= 5.10.*

Version 5.10.152

Status unaffected

Version <= 5.15.*

Version 5.15.76

Status unaffected

Version <= 6.0.*

Version 6.0.6

Status unaffected

Version <= *

Version 6.1

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.046

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/ded86c4191a3c17f8200d17a7d8a6f63b74554ae

https://git.kernel.org/stable/c/c2e1e59d59fafe297779ceae1fe0e6fbebc3e745

https://git.kernel.org/stable/c/723399af2795fb95687a531c9480464b5f489333

https://git.kernel.org/stable/c/2a3fc78210b9f0e85372a2435368962009f480fc

https://nvd.nist.gov/vuln/detail/CVE-2022-50356

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50356

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50356

EUVD