PT-2025-8595 · Linux+1 · Linux Kernel+1

Syzbot · Published 2022-06-29 · Updated 2025-02-27 · CVE-2022-49662

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 5.19.0-rc2-syzkaller

Description

A vulnerability has been resolved in the Linux kernel. The issue is related to the use of rcu_dereference() when rcu_read_lock() is not held, as reported by syzbot. This can cause a lockdep splat in in6_dump_addrs(). The problem occurs in the net/ipv6/addrconf.c file.

Recommendations

For Linux kernel versions prior to 5.19.0-rc2-syzkaller, update to a version that includes the fix for the in6_dump_addrs() function to prevent the lockdep splat. As a temporary workaround, consider restricting the use of the rcu_dereference() function when rcu_read_lock() is not held to minimize the risk of exploitation.

Exploit

Fix

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

BDU:2026-04001
CVE-2022-49662

Affected Products

Astra Linux
Linux Kernel