PT-2025-38166 · Linux+4 · Linux Kernel+4

Published

2022-10-19

Updated

2025-11-24

CVE-2022-50356

CVSS v2.0

6.0

Medium

Vector

AV:L/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw in the networking scheduler (sfb) where a null pointer dereference can occur when sfb init() fails during the initialization of the default queue discipline (qdisc). Specifically, if the qdisc of dev queue fails to initialize during mqprio init(), sfb reset() is invoked, leading to a null pointer access when attempting to access q->qdisc. This can result in a general protection fault. The call trace indicates the issue originates within the qdisc reset() function.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

BDU:2026-02435

CESA-2023_7077

CVE-2022-50356

RHSA-2023:6583

RHSA-2023:7077

RHSA-2023_6583

RHSA-2023_7077

RHSA-2025:21051

RHSA-2025:21083

RHSA-2025:21091

RHSA-2025:21128

RHSA-2025:21136

RHSA-2025:23947

RHSA-2025:23960

SUSE-SU-2025:03615-1

SUSE-SU-2025:3761-1

SUSE-SU-2025:4189-1

Affected Products

Astra Linux

Centos

Linux Kernel

Red Hat

Suse

PT-2025-38166 · Linux+4 · Linux Kernel+4

CVE-2022-50356

Weakness Enumeration

Related Identifiers

Affected Products

References · 1096