Null Pointer Dereference in Linux Kernel's TIPC Server Component
CVE-2022-50555
What is CVE-2022-50555?
A null pointer dereference vulnerability exists in the TIPC server component of the Linux Kernel. This flaw can lead to system crashes or unintended behavior when the server component attempts to access a listener that may have been set to null. The issue was detected during a code review, discovering that the listener can be improperly referenced due to a lack of adequate checks in the tipc_topsrv_accept function. Mitigations include implementing checks on the listener while under lock protection and ensuring the sequence of operations is maintained to prevent premature resource release. Prompt patching is advised for all affected versions to secure against potential exploitation.
Affected Version(s)
Linux 0ef897be12b8b4cf297b6016e79ec97ec90f2cf6
Linux 0ef897be12b8b4cf297b6016e79ec97ec90f2cf6 < 24b129aed8730e48f47d852d58d76825ab6f407c
Linux 0ef897be12b8b4cf297b6016e79ec97ec90f2cf6 < 32a3d4660b34ce49ac0162338ebe362098e2f5df