{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-49664","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-02-26T02:21:30.435Z","datePublished":"2025-02-26T02:23:59.792Z","dateUpdated":"2025-10-01T19:36:47.835Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T12:45:05.097Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: move bc link creation back to tipc_node_create\n\nShuang Li reported a NULL pointer dereference crash:\n\n  [] BUG: kernel NULL pointer dereference, address: 0000000000000068\n  [] RIP: 0010:tipc_link_is_up+0x5/0x10 [tipc]\n  [] Call Trace:\n  []  <IRQ>\n  []  tipc_bcast_rcv+0xa2/0x190 [tipc]\n  []  tipc_node_bc_rcv+0x8b/0x200 [tipc]\n  []  tipc_rcv+0x3af/0x5b0 [tipc]\n  []  tipc_udp_recv+0xc7/0x1e0 [tipc]\n\nIt was caused by the 'l' passed into tipc_bcast_rcv() is NULL. When it\ncreates a node in tipc_node_check_dest(), after inserting the new node\ninto hashtable in tipc_node_create(), it creates the bc link. However,\nthere is a gap between this insert and bc link creation, a bc packet\nmay come in and get the node from the hashtable then try to dereference\nits bc link, which is NULL.\n\nThis patch is to fix it by moving the bc link creation before inserting\ninto the hashtable.\n\nNote that for a preliminary node becoming \"real\", the bc link creation\nshould also be called before it's rehashed, as we don't create it for\npreliminary nodes."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/tipc/node.c"],"versions":[{"version":"4cbf8ac2fe5a0846508fe02b95a5de1a90fa73f4","lessThan":"456bc338871c4a52117dd5ef29cce3745456d248","status":"affected","versionType":"git"},{"version":"4cbf8ac2fe5a0846508fe02b95a5de1a90fa73f4","lessThan":"35fcb2ba35b4d9b592b558c3bcc6e0d90e213588","status":"affected","versionType":"git"},{"version":"4cbf8ac2fe5a0846508fe02b95a5de1a90fa73f4","lessThan":"e52910e671f58c619e33dac476b11b35e2d3ab6f","status":"affected","versionType":"git"},{"version":"4cbf8ac2fe5a0846508fe02b95a5de1a90fa73f4","lessThan":"cb8092d70a6f5f01ec1490fce4d35efed3ed996c","status":"affected","versionType":"git"},{"version":"0b8f0026bbd4df1688e1726026476e60762daf2a","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/tipc/node.c"],"versions":[{"version":"5.5","status":"affected"},{"version":"0","lessThan":"5.5","status":"unaffected","versionType":"semver"},{"version":"5.10.129","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.53","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.18.10","lessThanOrEqual":"5.18.*","status":"unaffected","versionType":"semver"},{"version":"5.19","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"5.10.129"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"5.15.53"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"5.18.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"5.19"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.287"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/456bc338871c4a52117dd5ef29cce3745456d248"},{"url":"https://git.kernel.org/stable/c/35fcb2ba35b4d9b592b558c3bcc6e0d90e213588"},{"url":"https://git.kernel.org/stable/c/e52910e671f58c619e33dac476b11b35e2d3ab6f"},{"url":"https://git.kernel.org/stable/c/cb8092d70a6f5f01ec1490fce4d35efed3ed996c"}],"title":"tipc: move bc link creation back to tipc_node_create","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":5.5,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"id":"CVE-2022-49664","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2025-10-01T19:33:28.247716Z"}}}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","cweId":"CWE-476","description":"CWE-476 NULL Pointer Dereference"}]}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-01T19:36:47.835Z"}}]}}