SB20250702100 - Input validation error in Linux kernel
Published: July 2, 2025 Updated: July 4, 2025
Security Bulletin ID
SB20250702100
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2022-49975)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __dev_queue_xmit() function in net/core/dev.c, within the convert___skb_to_skb() function in net/bpf/test_run.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/6204bf78b2a903b96ba43afff6abc0b04d6e0462
- https://git.kernel.org/stable/c/72f2dc8993f10262092745a88cb2dd0fef094f23
- https://git.kernel.org/stable/c/8b68e53d56697a59b5c53893b53f508bbdf272a0
- https://git.kernel.org/stable/c/a75987714bd2d8e59840667a28e15c1fa5c47554
- https://git.kernel.org/stable/c/fd1894224407c484f652ad456e1ce423e89bb3eb
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.141
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.65
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.7
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.212
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0