CVE-2025-22063

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A NULL pointer exception has been identified in the Linux kernel, specifically in the netlabel component when handling CALIPSO on IPv4 sockets. The issue arises when the netlbl conn setattr() function is called with an IPv6 address on an IPv4 socket, triggering the calipso sock setattr() function. This leads to a null pointer dereference because pinet6 is NULL for IPv4 sockets. The problem occurs due to the lack of a check for a NULL pointer return from inet6 sk(sk) before accessing pinet6.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.