CVE-2025-22063

Summary

In the Linux kernel, the following vulnerability has been resolved:

netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets

When calling netlbl_conn_setattr(), addr->sa_family is used to determine the function behavior. If sk is an IPv4 socket, but the connect function is called with an IPv6 address, the function calipso_sock_setattr() is triggered. Inside this function, the following code is executed:

sk_fullsock(__sk) ? inet_sk(__sk)->pinet6 : NULL;

Since sk is an IPv4 socket, pinet6 is NULL, leading to a null pointer dereference.

This patch fixes the issue by checking if inet6_sk(sk) returns a NULL pointer before accessing pinet6.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxceba1832b1b2da0149c51de62a847c00bca1677a < 1ad9166cab6a0f5c0b10344a97bdf749ae11dcbfaffected
LinuxLinuxceba1832b1b2da0149c51de62a847c00bca1677a < 1e38f7a6cdd68377f8a4189b2fbaec14a6dd5152affected
LinuxLinuxceba1832b1b2da0149c51de62a847c00bca1677a < a7e89541d05b98c79a51c0f95df020f8e82b62edaffected
LinuxLinuxceba1832b1b2da0149c51de62a847c00bca1677a < 797e5371cf55463b4530bab3fef5f27f7c6657a8affected
LinuxLinuxceba1832b1b2da0149c51de62a847c00bca1677a < 1927d0bcd5b81e80971bf6b8eba267508bd1c78baffected
LinuxLinuxceba1832b1b2da0149c51de62a847c00bca1677a < 3ba9cf69de50e8abed32b448616c313baa4c5712affected
LinuxLinuxceba1832b1b2da0149c51de62a847c00bca1677a < 9fe3839588db7519030377b7dee3f165e654f6c5affected
LinuxLinuxceba1832b1b2da0149c51de62a847c00bca1677a < 172a8a996a337206970467e871dd995ac07640b1affected
LinuxLinuxceba1832b1b2da0149c51de62a847c00bca1677a < 078aabd567de3d63d37d7673f714e309d369e6e2affected
LinuxLinux4.8affected
LinuxLinux0 < 4.8unaffected
LinuxLinux5.4.292 <= 5.4.*unaffected
LinuxLinux5.10.236 <= 5.10.*unaffected
LinuxLinux5.15.180 <= 5.15.*unaffected
LinuxLinux6.1.134 <= 6.1.*unaffected
LinuxLinux6.6.87 <= 6.6.*unaffected
LinuxLinux6.12.23 <= 6.12.*unaffected
LinuxLinux6.13.11 <= 6.13.*unaffected
LinuxLinux6.14.2 <= 6.14.*unaffected
LinuxLinux6.15 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References