FKIE_CVE-2022-50655

Vulnerability from fkie_nvd - Published: 2025-12-09 01:16 - Updated: 2025-12-23 14:16
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: ppp: associate skb with a device at tx Syzkaller triggered flow dissector warning with the following: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000000c0)) ioctl$PPPIOCSACTIVE(r0, 0x40107446, &(0x7f0000000240)={0x2, &(0x7f0000000180)=[{0x20, 0x0, 0x0, 0xfffff034}, {0x6}]}) pwritev(r0, &(0x7f0000000040)=[{&(0x7f0000000140)='\x00!', 0x2}], 0x1, 0x0, 0x0) [ 9.485814] WARNING: CPU: 3 PID: 329 at net/core/flow_dissector.c:1016 __skb_flow_dissect+0x1ee0/0x1fa0 [ 9.485929] skb_get_poff+0x53/0xa0 [ 9.485937] bpf_skb_get_pay_offset+0xe/0x20 [ 9.485944] ? ppp_send_frame+0xc2/0x5b0 [ 9.485949] ? _raw_spin_unlock_irqrestore+0x40/0x60 [ 9.485958] ? __ppp_xmit_process+0x7a/0xe0 [ 9.485968] ? ppp_xmit_process+0x5b/0xb0 [ 9.485974] ? ppp_write+0x12a/0x190 [ 9.485981] ? do_iter_write+0x18e/0x2d0 [ 9.485987] ? __import_iovec+0x30/0x130 [ 9.485997] ? do_pwritev+0x1b6/0x240 [ 9.486016] ? trace_hardirqs_on+0x47/0x50 [ 9.486023] ? __x64_sys_pwritev+0x24/0x30 [ 9.486026] ? do_syscall_64+0x3d/0x80 [ 9.486031] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd Flow dissector tries to find skb net namespace either via device or via socket. Neigher is set in ppp_send_frame, so let's manually use ppp->dev.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/148dcbd3af039ae39c3af697a3183008c7995805
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/18dc946360bfe0de016a59e3cc3ee1f450fceb9d
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/4b8f3b939266c90f03b7cc7e26a4c28c7b64137b
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/7da524781c531ebaf2f94c9dc4c541b82edecfed
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/9f225444467b98579cf28d94f4ad053460dfdb84
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/ee678b1f52f9439e930db2db3fd7e345d03e1a50
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nppp: associate skb with a device at tx\n\nSyzkaller triggered flow dissector warning with the following:\n\nr0 = openat$ppp(0xffffffffffffff9c, \u0026(0x7f0000000000), 0xc0802, 0x0)\nioctl$PPPIOCNEWUNIT(r0, 0xc004743e, \u0026(0x7f00000000c0))\nioctl$PPPIOCSACTIVE(r0, 0x40107446, \u0026(0x7f0000000240)={0x2, \u0026(0x7f0000000180)=[{0x20, 0x0, 0x0, 0xfffff034}, {0x6}]})\npwritev(r0, \u0026(0x7f0000000040)=[{\u0026(0x7f0000000140)=\u0027\\x00!\u0027, 0x2}], 0x1, 0x0, 0x0)\n\n[    9.485814] WARNING: CPU: 3 PID: 329 at net/core/flow_dissector.c:1016 __skb_flow_dissect+0x1ee0/0x1fa0\n[    9.485929]  skb_get_poff+0x53/0xa0\n[    9.485937]  bpf_skb_get_pay_offset+0xe/0x20\n[    9.485944]  ? ppp_send_frame+0xc2/0x5b0\n[    9.485949]  ? _raw_spin_unlock_irqrestore+0x40/0x60\n[    9.485958]  ? __ppp_xmit_process+0x7a/0xe0\n[    9.485968]  ? ppp_xmit_process+0x5b/0xb0\n[    9.485974]  ? ppp_write+0x12a/0x190\n[    9.485981]  ? do_iter_write+0x18e/0x2d0\n[    9.485987]  ? __import_iovec+0x30/0x130\n[    9.485997]  ? do_pwritev+0x1b6/0x240\n[    9.486016]  ? trace_hardirqs_on+0x47/0x50\n[    9.486023]  ? __x64_sys_pwritev+0x24/0x30\n[    9.486026]  ? do_syscall_64+0x3d/0x80\n[    9.486031]  ? entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nFlow dissector tries to find skb net namespace either via device\nor via socket. Neigher is set in ppp_send_frame, so let\u0027s manually\nuse ppp-\u003edev."
    }
  ],
  "id": "CVE-2022-50655",
  "lastModified": "2025-12-23T14:16:39.583",
  "metrics": {},
  "published": "2025-12-09T01:16:48.460",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/148dcbd3af039ae39c3af697a3183008c7995805"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/18dc946360bfe0de016a59e3cc3ee1f450fceb9d"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/4b8f3b939266c90f03b7cc7e26a4c28c7b64137b"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/7da524781c531ebaf2f94c9dc4c541b82edecfed"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/9f225444467b98579cf28d94f4ad053460dfdb84"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/ee678b1f52f9439e930db2db3fd7e345d03e1a50"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.