-
CVE-2022-50405
- EPSS 0.04%
- Published 18.09.2025 16:15:43
- Last modified 19.09.2025 16:00:27
- Source 416baaa9-dc9f-4396-8d5f-8c081f
- Teams watchlist Login
- Open Login
In the Linux kernel, the following vulnerability has been resolved:
net/tunnel: wait until all sk_user_data reader finish before releasing the sock
There is a race condition in vxlan that when deleting a vxlan device
during receiving packets, there is a possibility that the sock is
released after getting vxlan_sock vs from sk_user_data. Then in
later vxlan_ecn_decapsulate(), vxlan_get_sk_family() we will got
NULL pointer dereference. e.g.
#0 [ffffa25ec6978a38] machine_kexec at ffffffff8c669757
#1 [ffffa25ec6978a90] __crash_kexec at ffffffff8c7c0a4d
#2 [ffffa25ec6978b58] crash_kexec at ffffffff8c7c1c48
#3 [ffffa25ec6978b60] oops_end at ffffffff8c627f2b
#4 [ffffa25ec6978b80] page_fault_oops at ffffffff8c678fcb
#5 [ffffa25ec6978bd8] exc_page_fault at ffffffff8d109542
#6 [ffffa25ec6978c00] asm_exc_page_fault at ffffffff8d200b62
[exception RIP: vxlan_ecn_decapsulate+0x3b]
RIP: ffffffffc1014e7b RSP: ffffa25ec6978cb0 RFLAGS: 00010246
RAX: 0000000000000008 RBX: ffff8aa000888000 RCX: 0000000000000000
RDX: 000000000000000e RSI: ffff8a9fc7ab803e RDI: ffff8a9fd1168700
RBP: ffff8a9fc7ab803e R8: 0000000000700000 R9: 00000000000010ae
R10: ffff8a9fcb748980 R11: 0000000000000000 R12: ffff8a9fd1168700
R13: ffff8aa000888000 R14: 00000000002a0000 R15: 00000000000010ae
ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
#7 [ffffa25ec6978ce8] vxlan_rcv at ffffffffc10189cd [vxlan]
#8 [ffffa25ec6978d90] udp_queue_rcv_one_skb at ffffffff8cfb6507
#9 [ffffa25ec6978dc0] udp_unicast_rcv_skb at ffffffff8cfb6e45
#10 [ffffa25ec6978dc8] __udp4_lib_rcv at ffffffff8cfb8807
#11 [ffffa25ec6978e20] ip_protocol_deliver_rcu at ffffffff8cf76951
#12 [ffffa25ec6978e48] ip_local_deliver at ffffffff8cf76bde
#13 [ffffa25ec6978ea0] __netif_receive_skb_one_core at ffffffff8cecde9b
#14 [ffffa25ec6978ec8] process_backlog at ffffffff8cece139
#15 [ffffa25ec6978f00] __napi_poll at ffffffff8ceced1a
#16 [ffffa25ec6978f28] net_rx_action at ffffffff8cecf1f3
#17 [ffffa25ec6978fa0] __softirqentry_text_start at ffffffff8d4000ca
#18 [ffffa25ec6978ff0] do_softirq at ffffffff8c6fbdc3
Reproducer: https://github.com/Mellanox/ovs-tests/blob/master/test-ovs-vxlan-remove-tunnel-during-traffic.sh
Fix this by waiting for all sk_user_data reader to finish before
releasing the sock.Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorLinux
≫
Product
Linux
Default Statusunaffected
Version <
e8316584b0a6c61c9c407631040c22712b26e38c
Version
6a93cc9052748c6355ec9d5b6c38b77f85f1cb0d
Status
affected
Version <
84e566d157cc22ad2da8bdd970495855fbf13d92
Version
6a93cc9052748c6355ec9d5b6c38b77f85f1cb0d
Status
affected
Version <
be34e79e0ae6adbf6e7e75ddaee9ad84795ab933
Version
6a93cc9052748c6355ec9d5b6c38b77f85f1cb0d
Status
affected
Version <
303000c793f705d07b551eb7c1c27001c5b33c8d
Version
6a93cc9052748c6355ec9d5b6c38b77f85f1cb0d
Status
affected
Version <
91f09a776ae335ca836ed864b8f2a9461882a280
Version
6a93cc9052748c6355ec9d5b6c38b77f85f1cb0d
Status
affected
Version <
9a6544343bba7da929d6d4a2dc44ec0f15970081
Version
6a93cc9052748c6355ec9d5b6c38b77f85f1cb0d
Status
affected
Version <
b38aa7465411795e9e744b8d94633910497fec2a
Version
6a93cc9052748c6355ec9d5b6c38b77f85f1cb0d
Status
affected
Version <
588d0b8462f5ffed3e677e65639825b2678117ab
Version
6a93cc9052748c6355ec9d5b6c38b77f85f1cb0d
Status
affected
Version <
3cf7203ca620682165706f70a1b12b5194607dce
Version
6a93cc9052748c6355ec9d5b6c38b77f85f1cb0d
Status
affected
VendorLinux
≫
Product
Linux
Default Statusaffected
Version
3.18
Status
affected
Version <
3.18
Version
0
Status
unaffected
Version <=
4.9.*
Version
4.9.337
Status
unaffected
Version <=
4.14.*
Version
4.14.303
Status
unaffected
Version <=
4.19.*
Version
4.19.270
Status
unaffected
Version <=
5.4.*
Version
5.4.229
Status
unaffected
Version <=
5.10.*
Version
5.10.163
Status
unaffected
Version <=
5.15.*
Version
5.15.86
Status
unaffected
Version <=
6.0.*
Version
6.0.16
Status
unaffected
Version <=
6.1.*
Version
6.1.2
Status
unaffected
Version <=
*
Version
6.2
Status
unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.127 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|