What is CVE-2022-50817?

CVE-2022-50817 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 3.17 onward and patched in 5.10.152, 5.15.76, 6.0.6 and others. CVE-2022-50817 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2022-50817?

CVE-2022-50817 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2022-50817?

Yes, CVE-2022-50817 has been patched. Fixed versions include 5.10.152, 5.15.76, 6.0.6 and others. If you are running Linux kernel 3.17 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2022-50817 actively exploited?

CVE-2022-50817 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2022-50817

In the Linux kernel, the following vulnerability has been resolved: net: hsr: avoid possible NULL deref in skb_clone() syzbot got a crash [1] in skb_clone(), caused by a bug in hsr_get_untagged_frame(). When/if create_stripped_skb_hsr() returns NULL, we must not attempt to call skb_clone(). While we are at it, replace a WARN_ONCE() by netdev_warn_once(). [1] general protection fault, probably for non-canonical address 0xdffffc000000000f: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000078-0x000000000000007f] CPU: 1 PID: 754 Comm: syz-executor.0 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 RIP: 0010:skb_clone+0x108/0x3c0 net/core/skbuff.c:1641 Code: 93 02 00 00 49 83 7c 24 28 00 0f 85 e9 00 00 00 e8 5d 4a 29 fa 4c 8d 75 7e 48 b8 00 00 00 00 00 fc ff df 4c 89 f2 48 c1 ea 03 <0f> b6 04 02 4c 89 f2 83 e2 07 38 d0 7f 08 84 c0 0f 85 9e 01 00 00 RSP: 0018:ffffc90003ccf4e0 EFLAGS: 00010207 RAX: dffffc0000000000 RBX: ffffc90003ccf5f8 RCX: ffffc9000c24b000 RDX: 000000000000000f RSI: ffffffff8751cb13 RDI: 0000000000000000 RBP: 0000000000000000 R08: 00000000000000f0 R09: 0000000000000140 R10: fffffbfff181d972 R11: 0000000000000000 R12: ffff888161fc3640 R13: 0000000000000a20 R14: 000000000000007e R15: ffffffff8dc5f620 FS: 00007feb621e4700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007feb621e3ff8 CR3: 00000001643a9000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> hsr_get_untagged_frame+0x4e/0x610 net/hsr/hsr_forward.c:164 hsr_forward_do net/hsr/hsr_forward.c:461 [inline] hsr_forward_skb+0xcca/0x1d50 net/hsr/hsr_forward.c:623 hsr_handle_frame+0x588/0x7c0 net/hsr/hsr_slave.c:69 __netif_receive_skb_core+0x9fe/0x38f0 net/core/dev.c:5379 __netif_receive_skb_one_core+0xae/0x180 net/core/dev.c:5483 __netif_receive_skb+0x1f/0x1c0 net/core/dev.c:5599 netif_receive_skb_internal net/core/dev.c:5685 [inline] netif_receive_skb+0x12f/0x8d0 net/core/dev.c:5744 tun_rx_batched+0x4ab/0x7a0 drivers/net/tun.c:1544 tun_get_user+0x2686/0x3a00 drivers/net/tun.c:1995 tun_chr_write_iter+0xdb/0x200 drivers/net/tun.c:2025 call_write_iter include/linux/fs.h:2187 [inline] new_sync_write fs/read_write.c:491 [inline] vfs_write+0x9e9/0xdd0 fs/read_write.c:584 ksys_write+0x127/0x250 fs/read_write.c:637 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Package Linux Kernel

Published 2025-12-30

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 3.17 and later are affected. Fixed in 5.10.152, 5.15.76, 6.0.6, 6.1 and their respective stable series.

Affected from

≥ 3.17

Fixed in

✓ 5.10.152 5.10.x ✓ 5.15.76 5.15.x ✓ 6.0.6 6.0.x ✓ 6.1

References

The following references provide additional information about CVE-2022-50817 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/35ece858660eae13ee0242496a1956c39d29418e
Patch
Kernel patch commit
https://git.kernel.org/stable/c/c46f2e0fcd1ecfc6046e5cf785ff89f0572f94e4
Patch
Kernel patch commit
https://git.kernel.org/stable/c/d8b57135fd9ffe9a5b445350a686442a531c5339
Patch

4 patch commits total View all on NVD

Frequently asked questions

What is CVE-2022-50817?

CVE-2022-50817 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 3.17 onward and has been patched in 5.10.152, 5.15.76, 6.0.6 and others. CVE-2022-50817 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2022-50817?

Yes — CVE-2022-50817 has been patched. Fixed versions include 5.10.152, 5.15.76, 6.0.6 and others. If you are running Linux kernel 3.17 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2022-50817 actively exploited?

No — CVE-2022-50817 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.