CVE-2022-50655

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-50655
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50655.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-50655
Downstream
Published
2025-12-09T00:00:30.337Z
Modified
2026-03-12T03:26:46.481199Z
Summary
ppp: associate skb with a device at tx
Details

In the Linux kernel, the following vulnerability has been resolved:

ppp: associate skb with a device at tx

Syzkaller triggered flow dissector warning with the following:

r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000000c0)) ioctl$PPPIOCSACTIVE(r0, 0x40107446, &(0x7f0000000240)={0x2, &(0x7f0000000180)=[{0x20, 0x0, 0x0, 0xfffff034}, {0x6}]}) pwritev(r0, &(0x7f0000000040)=[{&(0x7f0000000140)='\x00!', 0x2}], 0x1, 0x0, 0x0)

[ 9.485814] WARNING: CPU: 3 PID: 329 at net/core/flow_dissector.c:1016 __skbflowdissect+0x1ee0/0x1fa0 [ 9.485929] skbgetpoff+0x53/0xa0 [ 9.485937] bpfskbgetpayoffset+0xe/0x20 [ 9.485944] ? pppsendframe+0xc2/0x5b0 [ 9.485949] ? rawspinunlockirqrestore+0x40/0x60 [ 9.485958] ? __pppxmitprocess+0x7a/0xe0 [ 9.485968] ? ppp_xmitprocess+0x5b/0xb0 [ 9.485974] ? pppwrite+0x12a/0x190 [ 9.485981] ? doiterwrite+0x18e/0x2d0 [ 9.485987] ? __importiovec+0x30/0x130 [ 9.485997] ? dopwritev+0x1b6/0x240 [ 9.486016] ? tracehardirqson+0x47/0x50 [ 9.486023] ? __x64syspwritev+0x24/0x30 [ 9.486026] ? dosyscall64+0x3d/0x80 [ 9.486031] ? entrySYSCALL64afterhwframe+0x63/0xcd

Flow dissector tries to find skb net namespace either via device or via socket. Neigher is set in pppsendframe, so let's manually use ppp->dev.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50655.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d58e468b1112dcd1d5193c0a89ff9f98b5a3e8b9
Fixed
7da524781c531ebaf2f94c9dc4c541b82edecfed
Fixed
148dcbd3af039ae39c3af697a3183008c7995805
Fixed
4b8f3b939266c90f03b7cc7e26a4c28c7b64137b
Fixed
18dc946360bfe0de016a59e3cc3ee1f450fceb9d
Fixed
ee678b1f52f9439e930db2db3fd7e345d03e1a50
Fixed
9f225444467b98579cf28d94f4ad053460dfdb84

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50655.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.20.0
Fixed
5.4.229
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.163
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.86
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.0.16
Type
ECOSYSTEM
Events
Introduced
6.1.0
Fixed
6.1.2

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50655.json"