Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2022-50405

Severity CVSS v4.0:
Pending analysis
Type:
CWE-476 NULL Pointer Dereference
Publication date:
18/09/2025
Last modified:
14/01/2026

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net/tunnel: wait until all sk_user_data reader finish before releasing the sock<br /> <br /> There is a race condition in vxlan that when deleting a vxlan device<br /> during receiving packets, there is a possibility that the sock is<br /> released after getting vxlan_sock vs from sk_user_data. Then in<br /> later vxlan_ecn_decapsulate(), vxlan_get_sk_family() we will got<br /> NULL pointer dereference. e.g.<br /> <br /> #0 [ffffa25ec6978a38] machine_kexec at ffffffff8c669757<br /> #1 [ffffa25ec6978a90] __crash_kexec at ffffffff8c7c0a4d<br /> #2 [ffffa25ec6978b58] crash_kexec at ffffffff8c7c1c48<br /> #3 [ffffa25ec6978b60] oops_end at ffffffff8c627f2b<br /> #4 [ffffa25ec6978b80] page_fault_oops at ffffffff8c678fcb<br /> #5 [ffffa25ec6978bd8] exc_page_fault at ffffffff8d109542<br /> #6 [ffffa25ec6978c00] asm_exc_page_fault at ffffffff8d200b62<br /> [exception RIP: vxlan_ecn_decapsulate+0x3b]<br /> RIP: ffffffffc1014e7b RSP: ffffa25ec6978cb0 RFLAGS: 00010246<br /> RAX: 0000000000000008 RBX: ffff8aa000888000 RCX: 0000000000000000<br /> RDX: 000000000000000e RSI: ffff8a9fc7ab803e RDI: ffff8a9fd1168700<br /> RBP: ffff8a9fc7ab803e R8: 0000000000700000 R9: 00000000000010ae<br /> R10: ffff8a9fcb748980 R11: 0000000000000000 R12: ffff8a9fd1168700<br /> R13: ffff8aa000888000 R14: 00000000002a0000 R15: 00000000000010ae<br /> ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018<br /> #7 [ffffa25ec6978ce8] vxlan_rcv at ffffffffc10189cd [vxlan]<br /> #8 [ffffa25ec6978d90] udp_queue_rcv_one_skb at ffffffff8cfb6507<br /> #9 [ffffa25ec6978dc0] udp_unicast_rcv_skb at ffffffff8cfb6e45<br /> #10 [ffffa25ec6978dc8] __udp4_lib_rcv at ffffffff8cfb8807<br /> #11 [ffffa25ec6978e20] ip_protocol_deliver_rcu at ffffffff8cf76951<br /> #12 [ffffa25ec6978e48] ip_local_deliver at ffffffff8cf76bde<br /> #13 [ffffa25ec6978ea0] __netif_receive_skb_one_core at ffffffff8cecde9b<br /> #14 [ffffa25ec6978ec8] process_backlog at ffffffff8cece139<br /> #15 [ffffa25ec6978f00] __napi_poll at ffffffff8ceced1a<br /> #16 [ffffa25ec6978f28] net_rx_action at ffffffff8cecf1f3<br /> #17 [ffffa25ec6978fa0] __softirqentry_text_start at ffffffff8d4000ca<br /> #18 [ffffa25ec6978ff0] do_softirq at ffffffff8c6fbdc3<br /> <br /> Reproducer: https://github.com/Mellanox/ovs-tests/blob/master/test-ovs-vxlan-remove-tunnel-during-traffic.sh<br /> <br /> Fix this by waiting for all sk_user_data reader to finish before<br /> releasing the sock.

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.50
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 3.18 (including) 4.9.337 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.10 (including) 4.14.303 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.15 (including) 4.19.270 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.20 (including) 5.4.229 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.5 (including) 5.10.163 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.15.86 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 6.0.16 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.1 (including) 6.1.2 (excluding)

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools