5.5

CVE-2022-50365

EPSS 0.02%
Veröffentlicht 17.09.2025 14:56:16
Zuletzt bearbeitet 10.12.2025 18:47:12
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

skbuff: Account for tail adjustment during pull operations

Extending the tail can have some unexpected side effects if a program uses
a helper like BPF_FUNC_skb_pull_data to read partial content beyond the
head skb headlen when all the skbs in the gso frag_list are linear with no
head_frag -

  kernel BUG at net/core/skbuff.c:4219!
  pc : skb_segment+0xcf4/0xd2c
  lr : skb_segment+0x63c/0xd2c
  Call trace:
   skb_segment+0xcf4/0xd2c
   __udp_gso_segment+0xa4/0x544
   udp4_ufo_fragment+0x184/0x1c0
   inet_gso_segment+0x16c/0x3a4
   skb_mac_gso_segment+0xd4/0x1b0
   __skb_gso_segment+0xcc/0x12c
   udp_rcv_segment+0x54/0x16c
   udp_queue_rcv_skb+0x78/0x144
   udp_unicast_rcv_skb+0x8c/0xa4
   __udp4_lib_rcv+0x490/0x68c
   udp_rcv+0x20/0x30
   ip_protocol_deliver_rcu+0x1b0/0x33c
   ip_local_deliver+0xd8/0x1f0
   ip_rcv+0x98/0x1a4
   deliver_ptype_list_skb+0x98/0x1ec
   __netif_receive_skb_core+0x978/0xc60

Fix this by marking these skbs as GSO_DODGY so segmentation can handle
the tail updates accordingly.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 12

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 4.9.194 < 4.9.337

Linux ≫ Linux Kernel Version >= 4.14.145 < 4.14.303

Linux ≫ Linux Kernel Version >= 4.19.74 < 4.19.270

Linux ≫ Linux Kernel Version >= 5.2.16 < 5.3

Linux ≫ Linux Kernel Version >= 5.3.1 < 5.4.229

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.163

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.86

Linux ≫ Linux Kernel Version >= 5.16 < 6.0.16

Linux ≫ Linux Kernel Version >= 6.1 < 6.1.2

Linux ≫ Linux Kernel Version5.3 Update-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.032

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

https://git.kernel.org/stable/c/ff3743d00f41d803e6ab9334962b674f3b7fd0cb

Patch

https://git.kernel.org/stable/c/6ac417d71b80e74b002313fcd73f7e9008e8e457

Patch

https://git.kernel.org/stable/c/2d59f0ca153e9573ec4f140988c0ccca0eb4181b

Patch

https://git.kernel.org/stable/c/668dc454bcbd1da73605201ff43f988c70848215

Patch

https://git.kernel.org/stable/c/821be5a5ab09a40ba09cb5ba354f18cf7996fea0

Patch

https://git.kernel.org/stable/c/8fb773eed4909ef5dc1bbeb3629a337d3336df7e

Patch

https://git.kernel.org/stable/c/946dd5dc4fcc4123cdfe3942b20012c4448cf89a

Patch

https://git.kernel.org/stable/c/331615d837f4979eb91a336a223a5c7f7886ecd5

Patch

https://git.kernel.org/stable/c/2d7afdcbc9d32423f177ee12b7c93783aea338fb

Patch

https://nvd.nist.gov/vuln/detail/CVE-2022-50365

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50365

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50365

EUVD