CVE-2022-50816Improper Input Validation in Linux

CWE-20Improper Input Validation7 documents6 sources
Severity
4.7MEDIUM
No vector
EPSS
0.0%
top 89.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 30

Description

In the Linux kernel, the following vulnerability has been resolved: ipv6: ensure sane device mtu in tunnels Another syzbot report [1] with no reproducer hints at a bug in ip6_gre tunnel (dev:ip6gretap0) Since ipv6 mcast code makes sure to read dev->mtu once and applies a sanity check on it (see commit b9b312a7a451 "ipv6: mcast: better catch silly mtu values"), a remaining possibility is that a layer is able to set dev->mtu to an underflowed value (high order bit set). This could happen indee

Affected Packages4 packages

Linuxlinux/linux_kernel3.7.04.14.305+5
Debianlinux/linux_kernel< 5.10.158-1+3
CVEListV5linux/linuxc12b395a46646bab69089ce7016ac78177f6001f2bab6fa449d16af36d9c9518865f783a15f446c7+7
debiandebian/linux< linux 6.0.7-1 (bookworm)

🔴Vulnerability Details

3
GHSA
GHSA-p2cq-487q-r77f: In the Linux kernel, the following vulnerability has been resolved: ipv6: ensure sane device mtu in tunnels Another syzbot report [1] with no reprod2025-12-30
OSV
CVE-2022-50816: In the Linux kernel, the following vulnerability has been resolved: ipv6: ensure sane device mtu in tunnels Another syzbot report [1] with no reproduc2025-12-30
OSV
ipv6: ensure sane device mtu in tunnels2025-12-30

📋Vendor Advisories

2
Red Hat
kernel: ipv6: ensure sane device mtu in tunnels2025-12-30
Debian
CVE-2022-50816: linux - In the Linux kernel, the following vulnerability has been resolved: ipv6: ensur...2022

🕵️Threat Intelligence

1
Wiz
CVE-2022-50816 Impact, Exploitability, and Mitigation Steps | Wiz