lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <2025091854-CVE-2022-50397-44b6@gregkh>
Date: Thu, 18 Sep 2025 15:34:11 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2022-50397: net/ieee802154: reject zero-sized raw_sendmsg()

From: Greg Kroah-Hartman <gregkh@...nel.org>

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

net/ieee802154: reject zero-sized raw_sendmsg()

syzbot is hitting skb_assert_len() warning at raw_sendmsg() for ieee802154
socket. What commit dc633700f00f726e ("net/af_packet: check len when
min_header_len equals to 0") does also applies to ieee802154 socket.

The Linux kernel CVE team has assigned CVE-2022-50397 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 5.4.212 with commit 8b68e53d56697a59b5c53893b53f508bbdf272a0 and fixed in 5.4.220 with commit 03ac583eefc9bc980213c53a79abc32a5539756e
	Issue introduced in 5.10.141 with commit 6204bf78b2a903b96ba43afff6abc0b04d6e0462 and fixed in 5.10.150 with commit 67cb80a9d2c83edac0e42aaa91ed4dd527cec284
	Issue introduced in 5.15.65 with commit a75987714bd2d8e59840667a28e15c1fa5c47554 and fixed in 5.15.75 with commit 77bfd26cbb61a9f49ecb83729f0fd1352c17ddd8
	Issue introduced in 5.19.7 with commit 72f2dc8993f10262092745a88cb2dd0fef094f23 and fixed in 5.19.17 with commit 51d4260585cf36106d29dcefeafa09d9cd5972cf
	Issue introduced in 6.0 with commit fd1894224407c484f652ad456e1ce423e89bb3eb and fixed in 6.0.3 with commit 55043e109f435472b0663fa2a4df1cc308a978ad
	Issue introduced in 6.0 with commit fd1894224407c484f652ad456e1ce423e89bb3eb and fixed in 6.1 with commit 3a4d061c699bd3eedc80dc97a4b2a2e1af83c6f5

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2022-50397
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	net/ieee802154/socket.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/03ac583eefc9bc980213c53a79abc32a5539756e
	https://git.kernel.org/stable/c/67cb80a9d2c83edac0e42aaa91ed4dd527cec284
	https://git.kernel.org/stable/c/77bfd26cbb61a9f49ecb83729f0fd1352c17ddd8
	https://git.kernel.org/stable/c/51d4260585cf36106d29dcefeafa09d9cd5972cf
	https://git.kernel.org/stable/c/55043e109f435472b0663fa2a4df1cc308a978ad
	https://git.kernel.org/stable/c/3a4d061c699bd3eedc80dc97a4b2a2e1af83c6f5

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ