CVE-2025-22062: NULL Pointer Dereference in Linux

Severity
5.5 MEDIUM (NVD)
OSV 8.8, OSV 7.1, OSV 5.9
EPSS
0.1%
top 70.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 16
Latest update: Jan 9

Description

In the Linux kernel, the following vulnerability has been resolved:

sctp: add mutual exclusion in proc_sctp_do_udp_port()

We must serialize calls to sctp_udp_sock_stop() and sctp_udp_sock_start() or risk a crash as syzbot reported:

Oops: general protection fault, probably for non-canonical address 0xdffffc000000000d: 0000 [#1] SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f]
CPU: 1 UID: 0 PID: 6551 Comm: syz.1.44 Not tainted 6.14.0-syzkaller-g7f2ff7b62617 #

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (8 packages)

NVD: linux/linux_kernel, 5.11 – 6.12.23 (+2)
Debian: linux/linux_kernel, < 6.1.140-1 (+2)
Ubuntu: linux/linux_kernel, < 5.15.0-144.157 (+2)
CVEListV5: linux/linux, 046c052b475e7119b6a30e3483e2888fc606a2f8 – 65ccb2793da7401772a3ffe85355c831b313c59f (+7)

Patches

🔴 Vulnerability Details (29)

OSV: linux-azure-nvidia vulnerabilities, 2026-01-09
OSV: linux-azure-fips vulnerabilities, 2025-12-17
OSV: linux-raspi vulnerabilities, 2025-11-25
OSV: linux-raspi-realtime vulnerabilities, 2025-11-24
OSV: linux-aws-6.8 vulnerabilities, 2025-11-12

📋 Vendor Advisories (29)

Ubuntu: Linux kernel (Azure, N-Series) vulnerabilities, 2026-01-09
Ubuntu: Linux kernel (Azure FIPS) vulnerabilities, 2025-12-17
Ubuntu: Linux kernel (Raspberry Pi) vulnerabilities, 2025-11-25
Ubuntu: Linux kernel (Raspberry Pi Real-time) vulnerabilities, 2025-11-24
Ubuntu: Linux kernel (AWS) vulnerabilities, 2025-11-12