CVE-2022-50365
BaseFortify
Publication date: 2025-09-17
Last updated on: 2025-12-10
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 4.9.194 (inc) to 4.9.337 (exc) |
| linux | linux_kernel | From 4.14.145 (inc) to 4.14.303 (exc) |
| linux | linux_kernel | From 4.19.74 (inc) to 4.19.270 (exc) |
| linux | linux_kernel | From 5.2.16 (inc) to 5.3 (exc) |
| linux | linux_kernel | From 5.3.1 (inc) to 5.4.229 (exc) |
| linux | linux_kernel | From 5.5 (inc) to 5.10.163 (exc) |
| linux | linux_kernel | From 5.11 (inc) to 5.15.86 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 6.0.16 (exc) |
| linux | linux_kernel | From 6.1 (inc) to 6.1.2 (exc) |
| linux | linux_kernel | 5.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel involves improper handling of the tail adjustment during pull operations on skbuffs (socket buffers). Specifically, when a program uses a helper like BPF_FUNC_skb_pull_data to read partial content beyond the head skb headlen, and all skbs in the gso frag_list are linear with no head_frag, extending the tail can cause unexpected side effects leading to a kernel BUG. The issue occurs in skb_segment and related functions during UDP segmentation offload processing. The fix involves marking these skbs as GSO_DODGY so that segmentation can properly handle tail updates.
How can this vulnerability impact me? :
This vulnerability can cause a kernel crash (kernel BUG) when processing certain network packets, potentially leading to denial of service on affected systems. Programs using BPF helpers to read packet data may trigger this bug, causing instability or interruption of network services.