CVE-2022-50817NULL Pointer Dereference in Linux

CWE-476NULL Pointer Dereference7 documents6 sources
Severity
6.2MEDIUM
No vector
EPSS
0.0%
top 92.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 30

Description

In the Linux kernel, the following vulnerability has been resolved: net: hsr: avoid possible NULL deref in skb_clone() syzbot got a crash [1] in skb_clone(), caused by a bug in hsr_get_untagged_frame(). When/if create_stripped_skb_hsr() returns NULL, we must not attempt to call skb_clone(). While we are at it, replace a WARN_ONCE() by netdev_warn_once(). [1] general protection fault, probably for non-canonical address 0xdffffc000000000f: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in

Affected Packages4 packages

Linuxlinux/linux_kernel3.17.05.10.152+2
Debianlinux/linux_kernel< 5.10.158-1+3
CVEListV5linux/linuxf266a683a4804dc499efc6c2206ef68efed029d0ff7ba766758313129794f150bbc4d351b5e17a53+4
debiandebian/linux< linux 6.0.6-1 (bookworm)

🔴Vulnerability Details

3
OSV
net: hsr: avoid possible NULL deref in skb_clone()2025-12-30
GHSA
GHSA-wv4w-6f2g-7mq7: In the Linux kernel, the following vulnerability has been resolved: net: hsr: avoid possible NULL deref in skb_clone() syzbot got a crash [1] in skb2025-12-30
OSV
CVE-2022-50817: In the Linux kernel, the following vulnerability has been resolved: net: hsr: avoid possible NULL deref in skb_clone() syzbot got a crash [1] in skb_c2025-12-30

📋Vendor Advisories

2
Red Hat
kernel: net: hsr: avoid possible NULL deref in skb_clone()2025-12-30
Debian
CVE-2022-50817: linux - In the Linux kernel, the following vulnerability has been resolved: net: hsr: a...2022

🕵️Threat Intelligence

1
Wiz
CVE-2022-50817 Impact, Exploitability, and Mitigation Steps | Wiz