CVE-2022-50780: Expired Pointer Dereference in Linux

Severity: 5.5 MEDIUM (no vector)
EPSS: 0.0% (top 89.30%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 24

Description

In the Linux kernel, the following vulnerability has been resolved:

net: fix UAF issue in nfqnl_nf_hook_drop() when ops_init() failed

When the ops_init() interface is invoked to initialize the net, but ops->init() fails, data is released. However, the ptr pointer in net->gen is invalid. In this case, when nfqnl_nf_hook_drop() is invoked to release the net, invalid address access occurs. The process is as follows:

setup_net()
  ops_init()
    data = kzalloc(...) ---> alloc "data"
    net_assign_generic(

Affected Packages (4 packages)

Linux | linux/linux_kernel | 2.6.33 | 4.19.264 | +4
Debian | linux/linux_kernel | < 5.10.158-1 | +3
CVEListV5 | linux/linux | f875bae065334907796da12523f9df85c89f5712 | 5a2ea549be94924364f6911227d99be86e8cf34a | +6
debian | debian/linux | < linux 6.0.7-1 (bookworm)

🔴 Vulnerability Details (3)

OSV: CVE-2022-50780: In the Linux kernel, the following vulnerability has been resolved: net: fix UAF issue in nfqnl_nf_hook_drop() when ops_init() failed When the ops_ini (2025-12-24)
GHSA: GHSA-mpc6-67r3-hw66: In the Linux kernel, the following vulnerability has been resolved: net: fix UAF issue in nfqnl_nf_hook_drop() when ops_init() failed When the ops_i (2025-12-24)
OSV: net: fix UAF issue in nfqnl_nf_hook_drop() when ops_init() failed (2025-12-24)

📋 Vendor Advisories (2)

Red Hat: kernel: net: fix UAF issue in nfqnl_nf_hook_drop() when ops_init() failed (2025-12-24)
Debian: CVE-2022-50780: linux - In the Linux kernel, the following vulnerability has been resolved: net: fix UA... (2022)

🕵️ Threat Intelligence (1)

Wiz: CVE-2022-50780 Impact, Exploitability, and Mitigation Steps | Wiz