CVE-2025-22063

In the Linux kernel, the following vulnerability has been resolved:

netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets

When calling netlbl_conn_setattr(), addr->sa_family is used to determine the function behavior. If sk is an IPv4 socket, but the connect function is called with an IPv6 address, the function calipso_sock_setattr() is triggered. Inside this function, the following code is executed:

sk_fullsock(__sk) ? inet_sk(__sk)->pinet6 : NULL;

Since sk is an IPv4 socket, pinet6 is NULL, leading to a null pointer dereference.

This patch fixes the issue by checking if inet6_sk(sk) returns a NULL pointer before accessing pinet6.

Published: Apr 16, 2025
Updated: Apr 30, 2025
CVE: CVE-2025-22063
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-476

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	5.11	5.15.180
linux / linux_kernel	5.5	5.10.236
linux / linux_kernel	6.13	6.13.11
linux / linux_kernel	6.14	6.14.2
linux / linux_kernel	5.16	6.1.134
linux / linux_kernel	6.2	6.6.87
linux / linux_kernel	4.8	5.4.292
linux / linux_kernel	6.7	6.12.23

Vulnerability Database

289,697

CVE-2025-22063