CVE-2022-50764 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: ipv6/sit: use DEV_STATS_INC() to avoid data-races syzbot/KCSAN reported that multiple cpus are updating dev->stats.tx_error concurrently. This is because sit tunnels are NETIF_F_LLTX, meaning their ndo_start_xmit() is not protected by a spinlock. While original KCSAN report was about tx path, rx path has the same issue.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/207501a986831174df09a36a8cb62a28f92f0dc8
https://git.kernel.org/stable/c/222cc04356984f3f98acfa756a69d4bed7c501ac
https://git.kernel.org/stable/c/4eed93bb3e57b8cc78d17166a14e40a73276015a
https://git.kernel.org/stable/c/cb34b7cf17ecf33499c9298943f85af247abc1e9

History

Wed, 24 Dec 2025 13:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: ipv6/sit: use DEV_STATS_INC() to avoid data-races syzbot/KCSAN reported that multiple cpus are updating dev->stats.tx_error concurrently. This is because sit tunnels are NETIF_F_LLTX, meaning their ndo_start_xmit() is not protected by a spinlock. While original KCSAN report was about tx path, rx path has the same issue.
Title		ipv6/sit: use DEV_STATS_INC() to avoid data-races
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/207501a986831174df09a36a8cb62a28f92f0dc8 https://git.kernel.org/stable/c/222cc04356984f3f98acfa756a69d4bed7c501ac https://git.kernel.org/stable/c/4eed93bb3e57b8cc78d17166a14e40a73276015a https://git.kernel.org/stable/c/cb34b7cf17ecf33499c9298943f85af247abc1e9

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-24T13:05:55.423Z

Updated: 2025-12-24T13:05:55.423Z

Reserved: 2025-12-24T13:02:21.546Z

Link: CVE-2022-50764

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-12-24T13:16:03.193

Modified: 2025-12-24T13:16:03.193

Link: CVE-2022-50764

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2022-50764", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-12-24T13:02:21.546Z", "datePublished": "2025-12-24T13:05:55.423Z", "dateUpdated": "2025-12-24T13:05:55.423Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-12-24T13:05:55.423Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6/sit: use DEV_STATS_INC() to avoid data-races\n\nsyzbot/KCSAN reported that multiple cpus are updating dev->stats.tx_error\nconcurrently.\n\nThis is because sit tunnels are NETIF_F_LLTX, meaning their ndo_start_xmit()\nis not protected by a spinlock.\n\nWhile original KCSAN report was about tx path, rx path has the same issue."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv6/sit.c"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "222cc04356984f3f98acfa756a69d4bed7c501ac", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "4eed93bb3e57b8cc78d17166a14e40a73276015a", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "207501a986831174df09a36a8cb62a28f92f0dc8", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "cb34b7cf17ecf33499c9298943f85af247abc1e9", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv6/sit.c"], "versions": [{"version": "5.15.86", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.0.16", "lessThanOrEqual": "6.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.2", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.15.86"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.0.16"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.1.2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.2"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/222cc04356984f3f98acfa756a69d4bed7c501ac"}, {"url": "https://git.kernel.org/stable/c/4eed93bb3e57b8cc78d17166a14e40a73276015a"}, {"url": "https://git.kernel.org/stable/c/207501a986831174df09a36a8cb62a28f92f0dc8"}, {"url": "https://git.kernel.org/stable/c/cb34b7cf17ecf33499c9298943f85af247abc1e9"}], "title": "ipv6/sit: use DEV_STATS_INC() to avoid data-races", "x_generator": {"engine": "bippy-1.2.0"}}}}