Linux Kernel Vulnerability Affecting UDP Segmentation
CVE-2022-50365

5.5MEDIUM

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
17 September 2025

What is CVE-2022-50365?

In the Linux kernel, a vulnerability exists that affects the handling of tail adjustments during pull operations. This issue arises when a program utilizes a helper function like BPF_FUNC_skb_pull_data to access partial content that exceeds the head length of a socket buffer (skb). If all socket buffers in the Generic Segmentation Offload (GSO) fragment list are linear without a head fragment, it can lead to unexpected behaviors, including potential kernel bugs, as observed in specific operations like UDP packet segmentation. To address this issue, there is a need to mark packets accordingly to handle tail updates properly.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 162a5a8c3aff15c449e6b38355cdf80ab4f77a5a

Linux 55fb612bef7fd237fb70068e2b6ff1cd1543a8ef < 6ac417d71b80e74b002313fcd73f7e9008e8e457

Linux 821302dd0c51d29269ef73a595bdff294419e2cd < 2d59f0ca153e9573ec4f140988c0ccca0eb4181b

References

https://git.kernel.org/stable/c/ff3743d00f41d803e6ab93349...
https://git.kernel.org/stable/c/6ac417d71b80e74b002313fcd...
https://git.kernel.org/stable/c/2d59f0ca153e9573ec4f14098...

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.