Linux Kernel Vulnerability Affecting UDP Segmentation
CVE-2022-50365
What is CVE-2022-50365?
The Linux kernel contains a vulnerability in how tail adjustments are accounted for during pull operations on a socket buffer (skb). It arises when a program uses a helper function such as BPF_FUNC_skb_pull_data to access partial content that lies beyond the head length of the skb. If all the socket buffers in the Generic Segmentation Offload (GSO) fragment list are linear and have no head fragment, the result can be unexpected behavior, including potential kernel bugs, as observed in operations such as UDP packet segmentation. Addressing the issue requires marking such packets so that tail updates are handled properly.
Affected Version(s)
Linux 162a5a8c3aff15c449e6b38355cdf80ab4f77a5a
Linux 55fb612bef7fd237fb70068e2b6ff1cd1543a8ef < 6ac417d71b80e74b002313fcd73f7e9008e8e457
Linux 821302dd0c51d29269ef73a595bdff294419e2cd < 2d59f0ca153e9573ec4f140988c0ccca0eb4181b
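One way to check a kernel git checkout against the commit ranges above, as an added example that is not part of the original advisory or of the kernel project. It assumes "A < B" means affected from commit A up to, but not including, commit B; the function names are hypothetical, and an entry whose introducing commit is not in the clone is reported as unknown.

```shell
#!/bin/sh
# Added example: classify a kernel git checkout against the commit ranges
# listed under "Affected Version(s)".
# Assumption: "A < B" means affected from commit A up to, not including, B.

# Page entries as "introduced:fixed". The first entry has no upper bound on
# the page, so its fixed side stays empty.
CVE_RANGES="162a5a8c3aff15c449e6b38355cdf80ab4f77a5a:
55fb612bef7fd237fb70068e2b6ff1cd1543a8ef:6ac417d71b80e74b002313fcd73f7e9008e8e457
821302dd0c51d29269ef73a595bdff294419e2cd:2d59f0ca153e9573ec4f140988c0ccca0eb4181b"

# is_ancestor REPO COMMIT REV: true when COMMIT is reachable from REV.
is_ancestor() {
    git -C "$1" merge-base --is-ancestor "$2" "$3" 2>/dev/null
}

# classify_range REPO REV INTRODUCED [FIXED]
# Prints one of: unknown | not-applicable | fixed | affected | no-fix-listed
classify_range() {
    cr_repo=$1; cr_rev=$2; cr_intro=$3; cr_fix=${4:-}
    # Introducing commit absent from this clone (shallow clone, or a branch
    # where the change carries a different hash): ancestry cannot decide.
    if ! git -C "$cr_repo" cat-file -e "${cr_intro}^{commit}" 2>/dev/null; then
        echo unknown; return 0
    fi
    if ! is_ancestor "$cr_repo" "$cr_intro" "$cr_rev"; then
        echo not-applicable; return 0
    fi
    if [ -z "$cr_fix" ]; then
        echo no-fix-listed; return 0
    fi
    if is_ancestor "$cr_repo" "$cr_fix" "$cr_rev"; then
        echo fixed
    else
        echo affected
    fi
}

# check_tree REPO [REV]: report every page entry for REV (default HEAD).
check_tree() {
    ct_rev=${2:-HEAD}
    for ct_entry in $CVE_RANGES; do
        ct_intro=${ct_entry%%:*}
        ct_fix=${ct_entry#*:}
        printf '%s..%s %s\n' "$ct_intro" "${ct_fix:-?}" \
            "$(classify_range "$1" "$ct_rev" "$ct_intro" "$ct_fix")"
    done
}

# Usage: sh check.sh /path/to/linux [REV]
if [ "$#" -gt 0 ]; then check_tree "$@"; fi
```

A result of unknown on a distribution or vendor kernel tree means the hashes cannot be matched by ancestry there, so the fix has to be confirmed from that tree's own changelog.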