{"id":"CVE-2022-50655","summary":"ppp: associate skb with a device at tx","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nppp: associate skb with a device at tx\n\nSyzkaller triggered flow dissector warning with the following:\n\nr0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0)\nioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000000c0))\nioctl$PPPIOCSACTIVE(r0, 0x40107446, &(0x7f0000000240)={0x2, &(0x7f0000000180)=[{0x20, 0x0, 0x0, 0xfffff034}, {0x6}]})\npwritev(r0, &(0x7f0000000040)=[{&(0x7f0000000140)='\\x00!', 0x2}], 0x1, 0x0, 0x0)\n\n[    9.485814] WARNING: CPU: 3 PID: 329 at net/core/flow_dissector.c:1016 __skb_flow_dissect+0x1ee0/0x1fa0\n[    9.485929]  skb_get_poff+0x53/0xa0\n[    9.485937]  bpf_skb_get_pay_offset+0xe/0x20\n[    9.485944]  ? ppp_send_frame+0xc2/0x5b0\n[    9.485949]  ? _raw_spin_unlock_irqrestore+0x40/0x60\n[    9.485958]  ? __ppp_xmit_process+0x7a/0xe0\n[    9.485968]  ? ppp_xmit_process+0x5b/0xb0\n[    9.485974]  ? ppp_write+0x12a/0x190\n[    9.485981]  ? do_iter_write+0x18e/0x2d0\n[    9.485987]  ? __import_iovec+0x30/0x130\n[    9.485997]  ? do_pwritev+0x1b6/0x240\n[    9.486016]  ? trace_hardirqs_on+0x47/0x50\n[    9.486023]  ? __x64_sys_pwritev+0x24/0x30\n[    9.486026]  ? do_syscall_64+0x3d/0x80\n[    9.486031]  ? entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nFlow dissector tries to find skb net namespace either via device\nor via socket. Neigher is set in ppp_send_frame, so let's manually\nuse ppp-\u003edev.","modified":"2026-03-20T11:47:33.884097Z","published":"2025-12-09T00:00:30.337Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50655.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/148dcbd3af039ae39c3af697a3183008c7995805"},{"type":"WEB","url":"https://git.kernel.org/stable/c/18dc946360bfe0de016a59e3cc3ee1f450fceb9d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4b8f3b939266c90f03b7cc7e26a4c28c7b64137b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7da524781c531ebaf2f94c9dc4c541b82edecfed"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9f225444467b98579cf28d94f4ad053460dfdb84"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ee678b1f52f9439e930db2db3fd7e345d03e1a50"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50655.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-50655"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"d58e468b1112dcd1d5193c0a89ff9f98b5a3e8b9"},{"fixed":"7da524781c531ebaf2f94c9dc4c541b82edecfed"},{"fixed":"148dcbd3af039ae39c3af697a3183008c7995805"},{"fixed":"4b8f3b939266c90f03b7cc7e26a4c28c7b64137b"},{"fixed":"18dc946360bfe0de016a59e3cc3ee1f450fceb9d"},{"fixed":"ee678b1f52f9439e930db2db3fd7e345d03e1a50"},{"fixed":"9f225444467b98579cf28d94f4ad053460dfdb84"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50655.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"4.20.0"},{"fixed":"5.4.229"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.163"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.86"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.0.16"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.1.0"},{"fixed":"6.1.2"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50655.json"}}],"schema_version":"1.7.5"}