CVE-2022-50706

EPSS 0.04%
Veröffentlicht 24.12.2025 10:55:20
Zuletzt bearbeitet 29.12.2025 15:58:56
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

net/ieee802154: don't warn zero-sized raw_sendmsg()

syzbot is hitting skb_assert_len() warning at __dev_queue_xmit() [1],
for PF_IEEE802154 socket's zero-sized raw_sendmsg() request is hitting
__dev_queue_xmit() with skb->len == 0.

Since PF_IEEE802154 socket's zero-sized raw_sendmsg() request was
able to return 0, don't call __dev_queue_xmit() if packet length is 0.

  ----------
  #include <sys/socket.h>
  #include <netinet/in.h>

  int main(int argc, char *argv[])
  {
    struct sockaddr_in addr = { .sin_family = AF_INET, .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    struct iovec iov = { };
    struct msghdr hdr = { .msg_name = &addr, .msg_namelen = sizeof(addr), .msg_iov = &iov, .msg_iovlen = 1 };
    sendmsg(socket(PF_IEEE802154, SOCK_RAW, 0), &hdr, 0);
    return 0;
  }
  ----------

Note that this might be a sign that commit fd1894224407c484 ("bpf: Don't
redirect packets with invalid pkt_len") should be reverted, for
skb->len == 0 was acceptable for at least PF_IEEE802154 socket.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 9

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 4a36de8947794fa21435d1e916e089095f3246a8

Version 8b68e53d56697a59b5c53893b53f508bbdf272a0

Status affected

Version < 791489a5c56396ddfed75fc525066d4738dace46

Version 6204bf78b2a903b96ba43afff6abc0b04d6e0462

Status affected

Version < 34f31a2b667914ab701ca725554a0b447809d7ef

Version a75987714bd2d8e59840667a28e15c1fa5c47554

Status affected

Version < df0da3fc131132b6c32a15c4da4ffa3a5aea1af2

Version 72f2dc8993f10262092745a88cb2dd0fef094f23

Status affected

Version < 9974d220c5073d035b5469d1d8ecd71da86c7afd

Version fd1894224407c484f652ad456e1ce423e89bb3eb

Status affected

Version < b12e924a2f5b960373459c8f8a514f887adf5cac

Version fd1894224407c484f652ad456e1ce423e89bb3eb

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.0

Status affected

Version < 6.0

Version 0

Status unaffected

Version <= 5.4.*

Version 5.4.220

Status unaffected

Version <= 5.10.*

Version 5.10.150

Status unaffected

Version <= 5.15.*

Version 5.15.75

Status unaffected

Version <= 5.19.*

Version 5.19.17

Status unaffected

Version <= 6.0.*

Version 6.0.3

Status unaffected

Version <= *

Version 6.1

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.1

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/4a36de8947794fa21435d1e916e089095f3246a8

https://git.kernel.org/stable/c/791489a5c56396ddfed75fc525066d4738dace46

https://git.kernel.org/stable/c/34f31a2b667914ab701ca725554a0b447809d7ef

https://git.kernel.org/stable/c/df0da3fc131132b6c32a15c4da4ffa3a5aea1af2

https://git.kernel.org/stable/c/9974d220c5073d035b5469d1d8ecd71da86c7afd

https://git.kernel.org/stable/c/b12e924a2f5b960373459c8f8a514f887adf5cac

https://nvd.nist.gov/vuln/detail/CVE-2022-50706

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50706

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50706

EUVD