DEBIAN-CVE-2022-50655

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2022-50655

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2022-50655.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2022-50655

Upstream

CVE-2022-50655

Published

2025-12-09T01:16:48.460Z

Modified

2025-12-10T11:16:20.645410Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved: ppp: associate skb with a device at tx Syzkaller triggered flow dissector warning with the following: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000000c0)) ioctl$PPPIOCSACTIVE(r0, 0x40107446, &(0x7f0000000240)={0x2, &(0x7f0000000180)=[{0x20, 0x0, 0x0, 0xfffff034}, {0x6}]}) pwritev(r0, &(0x7f0000000040)=[{&(0x7f0000000140)='\x00!', 0x2}], 0x1, 0x0, 0x0) [ 9.485814] WARNING: CPU: 3 PID: 329 at net/core/flowdissector.c:1016 _skbflowdissect+0x1ee0/0x1fa0 [ 9.485929] skbgetpoff+0x53/0xa0 [ 9.485937] bpfskbgetpayoffset+0xe/0x20 [ 9.485944] ? pppsendframe+0xc2/0x5b0 [ 9.485949] ? rawspinunlockirqrestore+0x40/0x60 [ 9.485958] ? _pppxmitprocess+0x7a/0xe0 [ 9.485968] ? pppxmitprocess+0x5b/0xb0 [ 9.485974] ? pppwrite+0x12a/0x190 [ 9.485981] ? doiterwrite+0x18e/0x2d0 [ 9.485987] ? _importiovec+0x30/0x130 [ 9.485997] ? dopwritev+0x1b6/0x240 [ 9.486016] ? tracehardirqson+0x47/0x50 [ 9.486023] ? _x64syspwritev+0x24/0x30 [ 9.486026] ? dosyscall64+0x3d/0x80 [ 9.486031] ? entrySYSCALL64afterhwframe+0x63/0xcd Flow dissector tries to find skb net namespace either via device or via socket. Neigher is set in pppsendframe, so let's manually use ppp->dev.

References

https://security-tracker.debian.org/tracker/CVE-2022-50655

Affected packages

Debian:11 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.10.178-1

Affected versions

5.*

5.10.46-4

5.10.46-5

5.10.70-1~bpo10+1

5.10.70-1

5.10.84-1

5.10.92-1~bpo10+1

5.10.92-1

5.10.92-2

5.10.103-1~bpo10+1

5.10.103-1

5.10.106-1

5.10.113-1

5.10.120-1~bpo10+1

5.10.120-1

5.10.127-1

5.10.127-2~bpo10+1

5.10.127-2

5.10.136-1

5.10.140-1

5.10.148-1

5.10.149-1

5.10.149-2

5.10.158-1

5.10.158-2

5.10.162-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2022-50655.json"

Debian:12 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2022-50655.json"

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2022-50655.json"

Debian:14 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2022-50655.json"