CVE-2022-50564

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains an issue related to the return type of the netiucv tx() function. With the kernel control flow integrity (kCFI) enabled (CONFIG CFI CLANG), indirect call targets are validated against the expected function pointer prototype to mitigate Return-Oriented Programming (ROP) attacks. A mismatch in the expected and actual return types can lead to a kernel panic or thread termination. The ndo start xmit() function within the struct net device ops structure expects a return type of netdev tx t, but the netiucv tx() function currently returns an integer (int). This discrepancy can trigger a control flow integrity failure if the ARCH SUPPORTS CFI CLANG configuration option is selected. The issue also involves the removal of a no-longer-relevant comment block.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.