CVE-2022-49664
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-49664
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49664.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-49664
- Downstream
- Published
- 2025-02-26T02:23:59Z
- Modified
- 2025-10-15T00:04:00.511414Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- tipc: move bc link creation back to tipc_node_create
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
tipc: move bc link creation back to tipcnodecreate
Shuang Li reported a NULL pointer dereference crash:
[] BUG: kernel NULL pointer dereference, address: 0000000000000068 [] RIP: 0010:tipclinkisup+0x5/0x10 [tipc] [] Call Trace: [] <IRQ> [] tipcbcastrcv+0xa2/0x190 [tipc] [] tipcnodebcrcv+0x8b/0x200 [tipc] [] tipcrcv+0x3af/0x5b0 [tipc] [] tipcudp_recv+0xc7/0x1e0 [tipc]
It was caused by the 'l' passed into tipcbcastrcv() is NULL. When it creates a node in tipcnodecheckdest(), after inserting the new node into hashtable in tipcnode_create(), it creates the bc link. However, there is a gap between this insert and bc link creation, a bc packet may come in and get the node from the hashtable then try to dereference its bc link, which is NULL.
This patch is to fix it by moving the bc link creation before inserting into the hashtable.
Note that for a preliminary node becoming "real", the bc link creation should also be called before it's rehashed, as we don't create it for preliminary nodes.
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/35fcb2ba35b4d9b592b558c3bcc6e0d90e213588
- https://git.kernel.org/stable/c/456bc338871c4a52117dd5ef29cce3745456d248
- https://git.kernel.org/stable/c/cb8092d70a6f5f01ec1490fce4d35efed3ed996c
- https://git.kernel.org/stable/c/e52910e671f58c619e33dac476b11b35e2d3ab6f
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced4cbf8ac2fe5a0846508fe02b95a5de1a90fa73f4Fixed456bc338871c4a52117dd5ef29cce3745456d248
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced4cbf8ac2fe5a0846508fe02b95a5de1a90fa73f4Fixed35fcb2ba35b4d9b592b558c3bcc6e0d90e213588
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced4cbf8ac2fe5a0846508fe02b95a5de1a90fa73f4Fixede52910e671f58c619e33dac476b11b35e2d3ab6f
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced4cbf8ac2fe5a0846508fe02b95a5de1a90fa73f4Fixedcb8092d70a6f5f01ec1490fce4d35efed3ed996c
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0b8f0026bbd4df1688e1726026476e60762daf2a
Affected versions
v5.*
v5.10
v5.10-rc1
v5.10-rc2
v5.10-rc3
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.10.1
v5.10.10
v5.10.100
v5.10.101
v5.10.102
v5.10.103
v5.10.104
v5.10.105
v5.10.106
v5.10.107
v5.10.108
v5.10.109
v5.10.11
v5.10.110
v5.10.111
v5.10.112
v5.10.113
v5.10.114
v5.10.115
v5.10.116
v5.10.117
v5.10.118
v5.10.119
v5.10.12
v5.10.120
v5.10.121
v5.10.122
v5.10.123
v5.10.124
v5.10.125
v5.10.126
v5.10.127
v5.10.128
v5.10.13
v5.10.14
v5.10.15
v5.10.16
v5.10.17
v5.10.18
v5.10.19
v5.10.2
v5.10.20
v5.10.21
v5.10.22
v5.10.23
v5.10.24
v5.10.25
v5.10.26
v5.10.27
v5.10.28
v5.10.29
v5.10.3
v5.10.30
v5.10.31
v5.10.32
v5.10.33
v5.10.34
v5.10.35
v5.10.36
v5.10.37
v5.10.38
v5.10.39
v5.10.4
v5.10.40
v5.10.41
v5.10.42
v5.10.43
v5.10.44
v5.10.45
v5.10.46
v5.10.47
v5.10.48
v5.10.49
v5.10.5
v5.10.50
v5.10.51
v5.10.52
v5.10.53
v5.10.54
v5.10.55
v5.10.56
v5.10.57
v5.10.58
v5.10.59
v5.10.6
v5.10.60
v5.10.61
v5.10.62
v5.10.63
v5.10.64
v5.10.65
v5.10.66
v5.10.67
v5.10.68
v5.10.69
v5.10.7
v5.10.70
v5.10.71
v5.10.72
v5.10.73
v5.10.74
v5.10.75
v5.10.76
v5.10.77
v5.10.78
v5.10.79
v5.10.8
v5.10.80
v5.10.81
v5.10.82
v5.10.83
v5.10.84
v5.10.85
v5.10.86
v5.10.87
v5.10.88
v5.10.89
v5.10.9
v5.10.90
v5.10.91
v5.10.92
v5.10.93
v5.10.94
v5.10.95
v5.10.96
v5.10.97
v5.10.98
v5.10.99
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.29
v5.15.3
v5.15.30
v5.15.31
v5.15.32
v5.15.33
v5.15.34
v5.15.35
v5.15.36
v5.15.37
v5.15.38
v5.15.39
v5.15.4
v5.15.40
v5.15.41
v5.15.42
v5.15.43
v5.15.44
v5.15.45
v5.15.46
v5.15.47
v5.15.48
v5.15.49
v5.15.5
v5.15.50
v5.15.51
v5.15.52
v5.15.6
v5.15.7
v5.15.8
v5.15.9
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.18.1
v5.18.2
v5.18.3
v5.18.4
v5.18.5
v5.18.6
v5.18.7
v5.18.8
v5.18.9
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.4
v5.4-rc6
v5.4-rc7
v5.4-rc8
v5.4.287
v5.4.288
v5.4.289
v5.4.290
v5.4.291
v5.4.292
v5.4.293
v5.4.294
v5.4.295
v5.4.296
v5.4.297
v5.4.298
v5.4.299
v5.4.300
v5.5
v5.5-rc1
v5.5-rc2
v5.5-rc3
v5.5-rc4
v5.5-rc5
v5.5-rc6
v5.5-rc7
v5.6
v5.6-rc1
v5.6-rc2
v5.6-rc3
v5.6-rc4
v5.6-rc5
v5.6-rc6
v5.6-rc7
v5.7
v5.7-rc1
v5.7-rc2
v5.7-rc3
v5.7-rc4
v5.7-rc5
v5.7-rc6
v5.7-rc7
v5.8
v5.8-rc1
v5.8-rc2
v5.8-rc3
v5.8-rc4
v5.8-rc5
v5.8-rc6
v5.8-rc7
v5.9
v5.9-rc1
v5.9-rc2
v5.9-rc3
v5.9-rc4
v5.9-rc5
v5.9-rc6
v5.9-rc7
v5.9-rc8
Database specific
{
"vanir_signatures": [
{
"id": "CVE-2022-49664-02f9d802",
"signature_type": "Line",
"target": {
"file": "net/tipc/node.c"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"41364023376625852146087053063731242136",
"170950695615727317631370993145638047300",
"59056966180764556182277793738027927099",
"136508836680537974952122999541904091194",
"298527943562528099638706036954079885993",
"336884425506667426757387498433309689909",
"740669728309916021711223146585353764",
"278884048436443067824329760126907591303",
"168422598565518432541344827836517193988",
"298554867933102666608434935225874216303",
"279208636097742136447547409547507659546",
"106918404083570281121237666275027862651",
"234397825365605920695365445646860610937",
"314372908450970477339000796603446307687",
"284715764716090186471607864392972871165",
"246547334889631988214935131360715993881",
"273050021887994622693407658004309138491",
"136289044995913941993614235719362993419",
"200582807243966697089192998234973247409",
"304360875723919269437564953638992650488",
"113508738521456331796697284110690677512",
"96405644842695806241375643604272698276",
"178501616481678130972863301635555351614",
"212195633760017106097320745677325452712",
"62882978791714246803668108272964929462",
"223695305926103827999215606863124843848",
"180548143439715570977668480246593528452",
"111319905157015015078868545701503870753",
"224761681267291071780573791227546836136",
"309893897026329983403833586660929186239",
"155445364907071446670370492754159298420",
"254680146155167335100917698544585807403",
"310299404053548096735721716661159210601",
"9936655243350226633980830450553913263",
"324108837642104985381011996482598378501",
"113044625654918073413088173034672555391",
"134348517300679649078385803075577475668"
],
"threshold": 0.9
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cb8092d70a6f5f01ec1490fce4d35efed3ed996c"
},
{
"id": "CVE-2022-49664-0662fb20",
"signature_type": "Function",
"target": {
"file": "net/tipc/node.c",
"function": "tipc_node_check_dest"
},
"signature_version": "v1",
"digest": {
"length": 2822.0,
"function_hash": "89001884854857490227859426780918784829"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e52910e671f58c619e33dac476b11b35e2d3ab6f"
},
{
"id": "CVE-2022-49664-33a4b305",
"signature_type": "Line",
"target": {
"file": "net/tipc/node.c"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"41364023376625852146087053063731242136",
"170950695615727317631370993145638047300",
"59056966180764556182277793738027927099",
"136508836680537974952122999541904091194",
"298527943562528099638706036954079885993",
"336884425506667426757387498433309689909",
"740669728309916021711223146585353764",
"278884048436443067824329760126907591303",
"168422598565518432541344827836517193988",
"298554867933102666608434935225874216303",
"279208636097742136447547409547507659546",
"106918404083570281121237666275027862651",
"234397825365605920695365445646860610937",
"314372908450970477339000796603446307687",
"284715764716090186471607864392972871165",
"246547334889631988214935131360715993881",
"273050021887994622693407658004309138491",
"136289044995913941993614235719362993419",
"200582807243966697089192998234973247409",
"304360875723919269437564953638992650488",
"113508738521456331796697284110690677512",
"96405644842695806241375643604272698276",
"178501616481678130972863301635555351614",
"212195633760017106097320745677325452712",
"62882978791714246803668108272964929462",
"223695305926103827999215606863124843848",
"180548143439715570977668480246593528452",
"111319905157015015078868545701503870753",
"224761681267291071780573791227546836136",
"309893897026329983403833586660929186239",
"155445364907071446670370492754159298420",
"254680146155167335100917698544585807403",
"310299404053548096735721716661159210601",
"9936655243350226633980830450553913263",
"324108837642104985381011996482598378501",
"113044625654918073413088173034672555391",
"134348517300679649078385803075577475668"
],
"threshold": 0.9
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e52910e671f58c619e33dac476b11b35e2d3ab6f"
},
{
"id": "CVE-2022-49664-44d39b5c",
"signature_type": "Function",
"target": {
"file": "net/tipc/node.c",
"function": "tipc_node_check_dest"
},
"signature_version": "v1",
"digest": {
"length": 2822.0,
"function_hash": "89001884854857490227859426780918784829"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cb8092d70a6f5f01ec1490fce4d35efed3ed996c"
},
{
"id": "CVE-2022-49664-5ed4b3e7",
"signature_type": "Function",
"target": {
"file": "net/tipc/node.c",
"function": "tipc_node_create"
},
"signature_version": "v1",
"digest": {
"length": 3355.0,
"function_hash": "88920254675223155922473892731819341578"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e52910e671f58c619e33dac476b11b35e2d3ab6f"
},
{
"id": "CVE-2022-49664-6f10daf5",
"signature_type": "Function",
"target": {
"file": "net/tipc/node.c",
"function": "tipc_node_create"
},
"signature_version": "v1",
"digest": {
"length": 3355.0,
"function_hash": "88920254675223155922473892731819341578"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@456bc338871c4a52117dd5ef29cce3745456d248"
},
{
"id": "CVE-2022-49664-793e2cd2",
"signature_type": "Function",
"target": {
"file": "net/tipc/node.c",
"function": "tipc_node_check_dest"
},
"signature_version": "v1",
"digest": {
"length": 2822.0,
"function_hash": "89001884854857490227859426780918784829"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@35fcb2ba35b4d9b592b558c3bcc6e0d90e213588"
},
{
"id": "CVE-2022-49664-a65f4c33",
"signature_type": "Function",
"target": {
"file": "net/tipc/node.c",
"function": "tipc_node_check_dest"
},
"signature_version": "v1",
"digest": {
"length": 2822.0,
"function_hash": "89001884854857490227859426780918784829"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@456bc338871c4a52117dd5ef29cce3745456d248"
},
{
"id": "CVE-2022-49664-aec3b5dc",
"signature_type": "Function",
"target": {
"file": "net/tipc/node.c",
"function": "tipc_node_create"
},
"signature_version": "v1",
"digest": {
"length": 3355.0,
"function_hash": "88920254675223155922473892731819341578"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cb8092d70a6f5f01ec1490fce4d35efed3ed996c"
},
{
"id": "CVE-2022-49664-b94ad42e",
"signature_type": "Line",
"target": {
"file": "net/tipc/node.c"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"41364023376625852146087053063731242136",
"170950695615727317631370993145638047300",
"59056966180764556182277793738027927099",
"136508836680537974952122999541904091194",
"298527943562528099638706036954079885993",
"336884425506667426757387498433309689909",
"740669728309916021711223146585353764",
"278884048436443067824329760126907591303",
"168422598565518432541344827836517193988",
"298554867933102666608434935225874216303",
"279208636097742136447547409547507659546",
"106918404083570281121237666275027862651",
"234397825365605920695365445646860610937",
"314372908450970477339000796603446307687",
"284715764716090186471607864392972871165",
"246547334889631988214935131360715993881",
"273050021887994622693407658004309138491",
"136289044995913941993614235719362993419",
"200582807243966697089192998234973247409",
"304360875723919269437564953638992650488",
"113508738521456331796697284110690677512",
"96405644842695806241375643604272698276",
"178501616481678130972863301635555351614",
"212195633760017106097320745677325452712",
"62882978791714246803668108272964929462",
"223695305926103827999215606863124843848",
"180548143439715570977668480246593528452",
"111319905157015015078868545701503870753",
"224761681267291071780573791227546836136",
"309893897026329983403833586660929186239",
"155445364907071446670370492754159298420",
"254680146155167335100917698544585807403",
"310299404053548096735721716661159210601",
"9936655243350226633980830450553913263",
"324108837642104985381011996482598378501",
"113044625654918073413088173034672555391",
"134348517300679649078385803075577475668"
],
"threshold": 0.9
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@35fcb2ba35b4d9b592b558c3bcc6e0d90e213588"
},
{
"id": "CVE-2022-49664-e24bd780",
"signature_type": "Line",
"target": {
"file": "net/tipc/node.c"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"41364023376625852146087053063731242136",
"170950695615727317631370993145638047300",
"59056966180764556182277793738027927099",
"136508836680537974952122999541904091194",
"298527943562528099638706036954079885993",
"336884425506667426757387498433309689909",
"740669728309916021711223146585353764",
"278884048436443067824329760126907591303",
"168422598565518432541344827836517193988",
"298554867933102666608434935225874216303",
"279208636097742136447547409547507659546",
"106918404083570281121237666275027862651",
"234397825365605920695365445646860610937",
"314372908450970477339000796603446307687",
"284715764716090186471607864392972871165",
"246547334889631988214935131360715993881",
"273050021887994622693407658004309138491",
"136289044995913941993614235719362993419",
"200582807243966697089192998234973247409",
"304360875723919269437564953638992650488",
"113508738521456331796697284110690677512",
"96405644842695806241375643604272698276",
"178501616481678130972863301635555351614",
"212195633760017106097320745677325452712",
"62882978791714246803668108272964929462",
"223695305926103827999215606863124843848",
"180548143439715570977668480246593528452",
"111319905157015015078868545701503870753",
"224761681267291071780573791227546836136",
"309893897026329983403833586660929186239",
"155445364907071446670370492754159298420",
"254680146155167335100917698544585807403",
"310299404053548096735721716661159210601",
"9936655243350226633980830450553913263",
"324108837642104985381011996482598378501",
"113044625654918073413088173034672555391",
"134348517300679649078385803075577475668"
],
"threshold": 0.9
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@456bc338871c4a52117dd5ef29cce3745456d248"
},
{
"id": "CVE-2022-49664-e38cfc1b",
"signature_type": "Function",
"target": {
"file": "net/tipc/node.c",
"function": "tipc_node_create"
},
"signature_version": "v1",
"digest": {
"length": 3355.0,
"function_hash": "88920254675223155922473892731819341578"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@35fcb2ba35b4d9b592b558c3bcc6e0d90e213588"
}
]
}