CVE-2022-50817

Source
https://cve.org/CVERecord?id=CVE-2022-50817
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50817.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-50817
Downstream
Published
2025-12-30T12:08:32.866Z
Modified
2026-03-20T11:47:37.845549Z
Summary
net: hsr: avoid possible NULL deref in skb_clone()
Details

In the Linux kernel, the following vulnerability has been resolved:

net: hsr: avoid possible NULL deref in skb_clone()

syzbot got a crash [1] in skb_clone(), caused by a bug in hsr_get_untagged_frame().

When/if create_stripped_skb_hsr() returns NULL, we must not attempt to call skb_clone().

While we are at it, replace a WARN_ONCE() by netdev_warn_once().

[1]
general protection fault, probably for non-canonical address 0xdffffc000000000f: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000078-0x000000000000007f]
CPU: 1 PID: 754 Comm: syz-executor.0 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
RIP: 0010:skb_clone+0x108/0x3c0 net/core/skbuff.c:1641
Code: 93 02 00 00 49 83 7c 24 28 00 0f 85 e9 00 00 00 e8 5d 4a 29 fa 4c 8d 75 7e 48 b8 00 00 00 00 00 fc ff df 4c 89 f2 48 c1 ea 03 <0f> b6 04 02 4c 89 f2 83 e2 07 38 d0 7f 08 84 c0 0f 85 9e 01 00 00
RSP: 0018:ffffc90003ccf4e0 EFLAGS: 00010207
RAX: dffffc0000000000 RBX: ffffc90003ccf5f8 RCX: ffffc9000c24b000
RDX: 000000000000000f RSI: ffffffff8751cb13 RDI: 0000000000000000
RBP: 0000000000000000 R08: 00000000000000f0 R09: 0000000000000140
R10: fffffbfff181d972 R11: 0000000000000000 R12: ffff888161fc3640
R13: 0000000000000a20 R14: 000000000000007e R15: ffffffff8dc5f620
FS: 00007feb621e4700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007feb621e3ff8 CR3: 00000001643a9000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
hsr_get_untagged_frame+0x4e/0x610 net/hsr/hsr_forward.c:164
hsr_forward_do net/hsr/hsr_forward.c:461 [inline]
hsr_forward_skb+0xcca/0x1d50 net/hsr/hsr_forward.c:623
hsr_handle_frame+0x588/0x7c0 net/hsr/hsr_slave.c:69
__netif_receive_skb_core+0x9fe/0x38f0 net/core/dev.c:5379
__netif_receive_skb_one_core+0xae/0x180 net/core/dev.c:5483
__netif_receive_skb+0x1f/0x1c0 net/core/dev.c:5599
netif_receive_skb_internal net/core/dev.c:5685 [inline]
netif_receive_skb+0x12f/0x8d0 net/core/dev.c:5744
tun_rx_batched+0x4ab/0x7a0 drivers/net/tun.c:1544
tun_get_user+0x2686/0x3a00 drivers/net/tun.c:1995
tun_chr_write_iter+0xdb/0x200 drivers/net/tun.c:2025
call_write_iter include/linux/fs.h:2187 [inline]
new_sync_write fs/read_write.c:491 [inline]
vfs_write+0x9e9/0xdd0 fs/read_write.c:584
ksys_write+0x127/0x250 fs/read_write.c:637
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50817.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
f266a683a4804dc499efc6c2206ef68efed029d0
Fixed
ff7ba766758313129794f150bbc4d351b5e17a53
Fixed
35ece858660eae13ee0242496a1956c39d29418e
Fixed
c46f2e0fcd1ecfc6046e5cf785ff89f0572f94e4
Fixed
d8b57135fd9ffe9a5b445350a686442a531c5339

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50817.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.17.0
Fixed
5.10.152
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.76
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.0.6

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50817.json"