CVE-2022-49975
Our Analysis: Embedded
Our model has classified this vulnerability as relevant to Embedded Systems, helping your team prioritize efforts effectively.
Published Date
June 18, 2025
Last Modified
June 18, 2025
CVSS Vector
Not Available
Description
In the Linux kernel, the following vulnerability has been resolved:
bpf: Don't redirect packets with invalid pkt_len
Syzbot found an issue [1]: fq_codel_drop() try to drop a flow whitout any
skbs, that is, the flow->head is null.
The root cause, as the [2] says, is because that bpf_prog_test_run_skb()
run a bpf prog which redirects empty skbs.
So we should determine whether the length of the packet modified by bpf
prog or others like bpf_prog_test is valid before forwarding it directly.