-
CVE-2022-50555
- EPSS 0.02%
- Veröffentlicht 07.10.2025 15:21:16
- Zuletzt bearbeitet 07.10.2025 16:15:43
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- Teams Watchlist Login
- Unerledigt Login
In the Linux kernel, the following vulnerability has been resolved: tipc: fix a null-ptr-deref in tipc_topsrv_accept syzbot found a crash in tipc_topsrv_accept: KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] Workqueue: tipc_rcv tipc_topsrv_accept RIP: 0010:kernel_accept+0x22d/0x350 net/socket.c:3487 Call Trace: <TASK> tipc_topsrv_accept+0x197/0x280 net/tipc/topsrv.c:460 process_one_work+0x991/0x1610 kernel/workqueue.c:2289 worker_thread+0x665/0x1080 kernel/workqueue.c:2436 kthread+0x2e4/0x3a0 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306 It was caused by srv->listener that might be set to null by tipc_topsrv_stop() in net .exit whereas it's still used in tipc_topsrv_accept() worker. srv->listener is protected by srv->idr_lock in tipc_topsrv_stop(), so add a check for srv->listener under srv->idr_lock in tipc_topsrv_accept() to avoid the null-ptr-deref. To ensure the lsock is not released during the tipc_topsrv_accept(), move sock_release() after tipc_topsrv_work_stop() where it's waiting until the tipc_topsrv_accept worker to be done. Note that sk_callback_lock is used to protect sk->sk_user_data instead of srv->listener, and it should check srv in tipc_topsrv_listener_data_ready() instead. This also ensures that no more tipc_topsrv_accept worker will be started after tipc_conn_close() is called in tipc_topsrv_stop() where it sets sk->sk_user_data to null.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
≫
Produkt
Linux
Default Statusunaffected
Version <
ce69bdac2310152bb70845024d5d704c52aabfc3
Version
0ef897be12b8b4cf297b6016e79ec97ec90f2cf6
Status
affected
Version <
24b129aed8730e48f47d852d58d76825ab6f407c
Version
0ef897be12b8b4cf297b6016e79ec97ec90f2cf6
Status
affected
Version <
32a3d4660b34ce49ac0162338ebe362098e2f5df
Version
0ef897be12b8b4cf297b6016e79ec97ec90f2cf6
Status
affected
Version <
7a939503fc32bff4ed60800b73ff7fbb4aea2142
Version
0ef897be12b8b4cf297b6016e79ec97ec90f2cf6
Status
affected
Version <
cedb41664e27b2cae7e21487f1bee22dcd84037d
Version
0ef897be12b8b4cf297b6016e79ec97ec90f2cf6
Status
affected
Version <
82cb4e4612c633a9ce320e1773114875604a3cce
Version
0ef897be12b8b4cf297b6016e79ec97ec90f2cf6
Status
affected
HerstellerLinux
≫
Produkt
Linux
Default Statusaffected
Version
4.17
Status
affected
Version <
4.17
Version
0
Status
unaffected
Version <=
4.19.*
Version
4.19.264
Status
unaffected
Version <=
5.4.*
Version
5.4.223
Status
unaffected
Version <=
5.10.*
Version
5.10.153
Status
unaffected
Version <=
5.15.*
Version
5.15.77
Status
unaffected
Version <=
6.0.*
Version
6.0.7
Status
unaffected
Version <=
*
Version
6.1
Status
unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.053 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|