CVE-2022-50397 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: net/ieee802154: reject zero-sized raw_sendmsg() syzbot is hitting skb_assert_len() warning at raw_sendmsg() for ieee802154 socket. What commit dc633700f00f726e ("net/af_packet: check len when min_header_len equals to 0") does also applies to ieee802154 socket.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

References

Link	Providers
https://git.kernel.org/stable/c/03ac583eefc9bc980213c53a79abc32a5539756e
https://git.kernel.org/stable/c/3a4d061c699bd3eedc80dc97a4b2a2e1af83c6f5
https://git.kernel.org/stable/c/51d4260585cf36106d29dcefeafa09d9cd5972cf
https://git.kernel.org/stable/c/55043e109f435472b0663fa2a4df1cc308a978ad
https://git.kernel.org/stable/c/67cb80a9d2c83edac0e42aaa91ed4dd527cec284
https://git.kernel.org/stable/c/77bfd26cbb61a9f49ecb83729f0fd1352c17ddd8
https://lore.kernel.org/linux-cve-announce/2025091854-CVE-2022-50397-44b6@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2022-50397
https://www.cve.org/CVERecord?id=CVE-2022-50397

History

Fri, 19 Sep 2025 09:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Vendors & Products		Linux Linux linux Kernel

Fri, 19 Sep 2025 00:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025091854-CVE-2022-50397-44b6@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2022-50397 https://www.cve.org/CVERecord?id=CVE-2022-50397
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Thu, 18 Sep 2025 13:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: net/ieee802154: reject zero-sized raw_sendmsg() syzbot is hitting skb_assert_len() warning at raw_sendmsg() for ieee802154 socket. What commit dc633700f00f726e ("net/af_packet: check len when min_header_len equals to 0") does also applies to ieee802154 socket.
Title		net/ieee802154: reject zero-sized raw_sendmsg()
References		https://git.kernel.org/stable/c/03ac583eefc9bc980213c53a79abc32a5539756e https://git.kernel.org/stable/c/3a4d061c699bd3eedc80dc97a4b2a2e1af83c6f5 https://git.kernel.org/stable/c/51d4260585cf36106d29dcefeafa09d9cd5972cf https://git.kernel.org/stable/c/55043e109f435472b0663fa2a4df1cc308a978ad https://git.kernel.org/stable/c/67cb80a9d2c83edac0e42aaa91ed4dd527cec284 https://git.kernel.org/stable/c/77bfd26cbb61a9f49ecb83729f0fd1352c17ddd8

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-09-18T13:33:15.161Z

Updated: 2025-09-18T13:33:15.161Z

Reserved: 2025-09-17T14:53:06.998Z

Link: CVE-2022-50397

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-09-18T14:15:38.867

Modified: 2025-09-18T14:15:38.867

Link: CVE-2022-50397

Redhat

Severity : Low

Publid Date: 2025-09-18T00:00:00Z

Links: CVE-2022-50397 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object