CVE-2025-22063

Updated: 2025-11-10 02:23:21.593994

Description:

In the Linux kernel, the following vulnerability has been resolved: netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets When calling netlbl_conn_setattr(), addr->sa_family is used to determine the function behavior. If sk is an IPv4 socket, but the connect function is called with an IPv6 address, the function calipso_sock_setattr() is triggered. Inside this function, the following code is executed: sk_fullsock(__sk) ? inet_sk(__sk)->pinet6 : NULL; Since sk is an IPv4 socket, pinet6 is NULL, leading to a null pointer dereference. This patch fixes the issue by checking if inet6_sk(sk) returns a NULL pointer before accessing pinet6.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0.0
CVSS Version 3.x MEDIUM 5.5

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement
AlmaLinux 9.2 ESU kernel 5.14.0 5.5 MEDIUM Ignored 2025-05-06 06:17:06 CVE-2025-22063 is a local-only null-pointer dereference in the kernel’s NetLabel CALIPSO path that...
CentOS 8.4 ELS kernel 4.18.0 5.5 MEDIUM Ignored 2025-05-06 06:17:07 Ignored due to low severity
CentOS 8.5 ELS kernel 4.18.0 5.5 MEDIUM Ignored 2025-05-06 06:17:07 Ignored due to low severity
CentOS Stream 8 ELS kernel 4.18.0 5.5 MEDIUM Ignored 2025-05-06 06:17:06 Ignored due to low severity
Oracle Linux 7 ELS kernel-uek 5.4.17 5.5 MEDIUM Released CLSA-2025:1757963029 2025-09-16 01:20:14
TuxCare 9.6 ESU kernel 5.14.0 5.5 MEDIUM Ignored 2025-07-05 02:17:59 This is a local-only denial-of-service that requires NetLabel CALIPSO to be explicitly enabled and c...
Ubuntu 16.04 ELS linux-hwe 4.15.0 5.5 MEDIUM Ignored 2025-05-06 04:26:12 Ignored due to low severity
Ubuntu 18.04 ELS linux 4.15.0 5.5 MEDIUM Ignored 2025-09-10 21:49:53 Ignored due to low severity
Ubuntu 20.04 ELS linux 5.4.0 5.5 MEDIUM Ignored 2025-06-24 00:41:57 Ignored due to low severity