CVE-2022-49664

Severity: MEDIUM (CVSS 3.1 base score 5.5)
EPSS: 17.2%
Published: Feb 26, 2025
Last Modified: Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

tipc: move bc link creation back to tipc_node_create

Shuang Li reported a NULL pointer dereference crash:

  [] BUG: kernel NULL pointer dereference, address: 0000000000000068
  [] RIP: 0010:tipc_link_is_up+0x5/0x10 [tipc]
  [] Call Trace:
  []  <IRQ>
  []  tipc_bcast_rcv+0xa2/0x190 [tipc]
  []  tipc_node_bc_rcv+0x8b/0x200 [tipc]
  []  tipc_rcv+0x3af/0x5b0 [tipc]
  []  tipc_udp_recv+0xc7/0x1e0 [tipc]

It was caused by the 'l' passed into tipc_bcast_rcv() being NULL. When it creates a node in tipc_node_check_dest(), after inserting the new node into hashtable in tipc_node_create(), it creates the bc link. However, there is a gap between this insert and bc link creation, a bc packet may come in and get the node from the hashtable then try to dereference its bc link, which is NULL.

This patch is to fix it by moving the bc link creation before inserting into the hashtable.

Note that for a preliminary node becoming "real", the bc link creation should also be called before it's rehashed, as we don't create it for preliminary nodes.
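The ordering problem described above, as an added single-threaded toy model in C (not TIPC source and not part of the original record). All names (struct node, table, model_bc_rcv, create_insert_first, create_link_first) are hypothetical, and the packet arriving in the gap is simulated by calling the receive path at that point.

```c
#include <stdio.h>
#include <stddef.h>

/* Toy single-threaded model with hypothetical names; not TIPC source. */
struct bc_link { int up; };
struct node    { struct bc_link *bc; };

static struct node *table;      /* one-slot stand-in for the node hashtable */
static struct bc_link link0;    /* storage for the node's bc link */

enum rx_result { RX_NO_NODE, RX_OK, RX_NULL_LINK };

/* Broadcast receive path: look the node up, then use its bc link.
 * RX_NULL_LINK marks the state in which the kernel dereferenced NULL. */
static enum rx_result model_bc_rcv(void)
{
    struct node *n = table;
    if (!n)
        return RX_NO_NODE;
    return n->bc ? RX_OK : RX_NULL_LINK;
}

static void model_reset(void) { table = NULL; link0.up = 0; }

/* Vulnerable order: insert into the table, then create the bc link. */
static enum rx_result create_insert_first(struct node *n)
{
    enum rx_result in_gap;
    n->bc = NULL;
    table = n;                  /* node is now reachable by receivers */
    in_gap = model_bc_rcv();    /* simulated bc packet inside the gap */
    link0.up = 1;
    n->bc = &link0;
    return in_gap;
}

/* Fixed order: create the bc link, then insert. */
static enum rx_result create_link_first(struct node *n)
{
    enum rx_result in_gap;
    link0.up = 1;
    n->bc = &link0;
    in_gap = model_bc_rcv();    /* same packet: node is not visible yet */
    table = n;
    return in_gap;
}

int main(void)
{
    struct node a, b;
    model_reset();
    printf("insert first, packet in gap: %d\n", create_insert_first(&a));
    model_reset();
    printf("link first, packet in gap:   %d\n", create_link_first(&b));
    return 0;
}
```

In the fixed order the early packet simply finds no node, which is the same outcome as a packet arriving before node creation began.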

CVSS Details

Base Score: 5.5
Exploitability: 1.8
Impact: 3.6
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability: 17.2% percentile
Exploit & Patch Status: No Known Exploit, Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 7

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥5.4.287 – <5.10.129
linux    linux_kernel   *         ≥5.11 – <5.15.53
linux    linux_kernel   *         ≥5.16 – <5.18.10
linux    linux_kernel   5.19      any
linux    linux_kernel   5.19      any
linux    linux_kernel   5.19      any
linux    linux_kernel   5.19      any

References 4

  • git.kernel.org https://git.kernel.org/stable/c/35fcb2ba35b4d9b592b558c3bcc6e0d90e213588
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/456bc338871c4a52117dd5ef29cce3745456d248
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cb8092d70a6f5f01ec1490fce4d35efed3ed996c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e52910e671f58c619e33dac476b11b35e2d3ab6f
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/35fcb2ba35b4d9b592b558c3bcc6e0d90e213588
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/456bc338871c4a52117dd5ef29cce3745456d248
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cb8092d70a6f5f01ec1490fce4d35efed3ed996c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e52910e671f58c619e33dac476b11b35e2d3ab6f
    Patch