CVE-2022-49975

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability has been identified in the Linux kernel where the bpf prog test run skb() function runs a bpf program that redirects empty skbs, causing the fq codel drop() function to attempt to drop a flow without any skbs. The root cause of this issue is the lack of validation of the packet length modified by bpf programs before forwarding it. Syzbot discovered this issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.