Executive Summary

Informations
Name CVE-2025-22062 First vendor Publication 2025-04-16
Vendor Cve Last vendor Modification 2025-05-22

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Overall CVSS Score 5.5
Base Score 5.5 Environmental Score 5.5
impact SubScore 3.6 Temporal Score 5.5
Exploitabality Sub Score 1.8
 
Attack Vector Local Attack Complexity Low
Privileges Required Low User Interaction None
Scope Unchanged Confidentiality Impact None
Integrity Impact None Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

In the Linux kernel, the following vulnerability has been resolved:

sctp: add mutual exclusion in proc_sctp_do_udp_port()

We must serialize calls to sctp_udp_sock_stop() and sctp_udp_sock_start() or risk a crash as syzbot reported:

Oops: general protection fault, probably for non-canonical address 0xdffffc000000000d: 0000 [#1] SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f] CPU: 1 UID: 0 PID: 6551 Comm: syz.1.44 Not tainted 6.14.0-syzkaller-g7f2ff7b62617 #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
RIP: 0010:kernel_sock_shutdown+0x47/0x70 net/socket.c:3653 Call Trace:

udp_tunnel_sock_release+0x68/0x80 net/ipv4/udp_tunnel_core.c:181
sctp_udp_sock_stop+0x71/0x160 net/sctp/protocol.c:930
proc_sctp_do_udp_port+0x264/0x450 net/sctp/sysctl.c:553
proc_sys_call_handler+0x3d0/0x5b0 fs/proc/proc_sysctl.c:601
iter_file_splice_write+0x91c/0x1150 fs/splice.c:738
do_splice_from fs/splice.c:935 [inline]
direct_splice_actor+0x18f/0x6c0 fs/splice.c:1158
splice_direct_to_actor+0x342/0xa30 fs/splice.c:1102
do_splice_direct_actor fs/splice.c:1201 [inline]
do_splice_direct+0x174/0x240 fs/splice.c:1227
do_sendfile+0xafd/0xe50 fs/read_write.c:1368
__do_sys_sendfile64 fs/read_write.c:1429 [inline]
__se_sys_sendfile64 fs/read_write.c:1415 [inline]
__x64_sys_sendfile64+0x1d8/0x220 fs/read_write.c:1415
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22062

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-476 NULL Pointer Dereference

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 8
Os 3718

Sources (Detail)

https://git.kernel.org/stable/c/10206302af856791fbcc27a33ed3c3eb09b2793d
https://git.kernel.org/stable/c/386507cb6fb7cdef598ddcb3f0fa37e6ca9e789d
https://git.kernel.org/stable/c/65ccb2793da7401772a3ffe85355c831b313c59f
https://git.kernel.org/stable/c/b3598f53211ba1025485306de2733bdd241311a3
https://git.kernel.org/stable/c/d3d7675d77622f6ca1aae14c51f80027b36283f8
https://git.kernel.org/stable/c/e5178bfc55b3a78000f0f8298e7ade88783ce581
https://git.kernel.org/stable/c/efb8cb487be8f4ba6aaef616011d702d6a083ed1
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
Date Informations
2025-06-26 02:41:21
  • Multiple Updates
2025-06-25 12:38:27
  • Multiple Updates
2025-06-24 02:45:47
  • Multiple Updates
2025-05-27 02:55:10
  • Multiple Updates
2025-05-26 21:20:50
  • First insertion