CVE-2025-22063
Published: Apr 16, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets When calling netlbl_conn_setattr(), addr->sa_family is used to determine the function behavior. If sk is an IPv4 socket, but the connect function is called with an IPv6 address, the function calipso_sock_setattr() is triggered. Inside this function, the following code is executed: sk_fullsock(__sk) ? inet_sk(__sk)->pinet6 : NULL; Since sk is an IPv4 socket, pinet6 is NULL, leading to a null pointer dereference. This patch fixes the issue by checking if inet6_sk(sk) returns a NULL pointer before accessing pinet6.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected ceba1832b1b2da0149c51de62a847c00bca1677a - < 1ad9166cab6a0f5c0b10344a97bdf749ae11dcbfaffected ceba1832b1b2da0149c51de62a847c00bca1677a - < 1e38f7a6cdd68377f8a4189b2fbaec14a6dd5152affected ceba1832b1b2da0149c51de62a847c00bca1677a - < a7e89541d05b98c79a51c0f95df020f8e82b62edaffected ceba1832b1b2da0149c51de62a847c00bca1677a - < 797e5371cf55463b4530bab3fef5f27f7c6657a8affected ceba1832b1b2da0149c51de62a847c00bca1677a - < 1927d0bcd5b81e80971bf6b8eba267508bd1c78b+4 more versions |
Linux | Linux | affected 4.8unaffected 0 - < 4.8unaffected 5.4.292 - <= 5.4.*unaffected 5.10.236 - <= 5.10.*unaffected 5.15.180 - <= 5.15.*+6 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now