CVE-2022-50405

CVSS v2.0

6.0

Medium

Vector

AV:L/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A race condition exists in the VXLAN implementation when deleting a VXLAN device during packet reception. This can lead to a NULL pointer dereference within the vxlan ecn decapsulate() function if the socket is released after vxlan sock is obtained from sk user data. The issue occurs when deleting a VXLAN device while packets are being received, potentially leading to system instability.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Resource Release

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-404CWE-476

Related Identifiers

ALSA-2025_16880

BDU:2026-02440

CESA-2023_7077

CVE-2022-50405

OESA-2025-2553

RHSA-2023:2458

RHSA-2023:7077

RHSA-2023_2458

RHSA-2023_7077

SUSE-SU-2025:03614-1

Affected Products

Astra Linux

Centos

Linux Kernel

Red Hat

Suse

CVE-2022-50405

Weakness Enumeration

Related Identifiers

Affected Products

References · 451