CVE-2022-50397 in Linux

Summary

by MITRE • 09/18/2025

In the Linux kernel, the following vulnerability has been resolved:

net/ieee802154: reject zero-sized raw_sendmsg()

syzbot is hitting skb_assert_len() warning at raw_sendmsg() for ieee802154 socket. What commit dc633700f00f726e ("net/af_packet: check len when min_header_len equals to 0") does also applies to ieee802154 socket.


Analysis

by VulDB Data Team • 11/29/2025

The vulnerability identified in the Linux kernel affects the ieee802154 network protocol implementation within the net subsystem. This issue manifests as a potential denial of service condition that occurs when processing zero-sized packets through raw send operations on ieee802154 sockets. The problem stems from insufficient input validation during packet transmission, specifically in the raw_sendmsg() function which handles raw message sending for ieee802154 protocol instances.

The technical flaw resides in the absence of proper length validation when processing packets with zero size parameters. When a zero-sized packet is submitted through an ieee802154 socket using raw send functionality, the kernel's networking stack fails to adequately validate the packet dimensions before proceeding with transmission handling. This oversight triggers the skb_assert_len() warning mechanism, indicating that the kernel has detected an inconsistent packet length assertion within the socket buffer management system. The vulnerability directly impacts the kernel's ability to properly manage memory allocations and packet processing for ieee802154 protocol implementations.

This weakness creates operational risks that extend beyond simple denial of service conditions. Attackers could potentially exploit this vulnerability by sending malformed zero-sized packets to ieee802154 sockets, causing kernel panics or system crashes depending on the specific kernel version and configuration. The impact is particularly concerning in embedded systems or IoT devices that rely heavily on ieee802154 wireless communication protocols for mesh networking or sensor data transmission. The vulnerability affects any system running Linux kernels with ieee802154 support enabled, making it a widespread concern across various network infrastructure components.

The fix implemented addresses this issue by applying the same validation mechanism that was previously introduced for af_packet sockets in commit dc633700f00f726e. This approach ensures consistent packet length checking across different socket implementations within the networking subsystem. The solution involves adding proper bounds checking for packet sizes before allowing raw_sendmsg() to process zero-sized packets, thereby preventing the kernel from entering an inconsistent state during socket buffer operations. This mitigation aligns with security best practices outlined in Common Weakness Enumeration entry CWE-129 and follows attack technique patterns described in the MITRE ATT&CK framework under the initial access and privilege escalation categories.
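A simplified user-space model of the length check described above, added here as an illustration; it is not kernel code and not part of the original entry. The `model_*` names, the `MODEL_MTU` constant and the `-EINVAL` return value are assumptions of the model.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for the device MTU (127 = max IEEE 802.15.4 PHY frame). */
#define MODEL_MTU 127

static int warn_count; /* how often the modelled length assertion fired */

/* Models the transmit path: a zero-length buffer trips the length
 * assertion (the role skb_assert_len() plays); returns bytes queued. */
static int model_xmit(size_t skb_len)
{
    if (skb_len == 0)
        warn_count++;
    return (int)skb_len;
}

/* Before the fix: only the upper bound on the message size is checked. */
static int model_raw_sendmsg_before(size_t size)
{
    if (size > MODEL_MTU)
        return -EMSGSIZE;
    return model_xmit(size);
}

/* After the fix: a zero-sized send is rejected before any buffer is built. */
static int model_raw_sendmsg_after(size_t size)
{
    if (size > MODEL_MTU)
        return -EMSGSIZE;
    if (size == 0)
        return -EINVAL; /* assumed error code for this model */
    return model_xmit(size);
}

int main(void)
{
    const size_t sizes[] = { 0, 1, MODEL_MTU, MODEL_MTU + 1 };
    for (size_t i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++) {
        int before = model_raw_sendmsg_before(sizes[i]);
        int after = model_raw_sendmsg_after(sizes[i]);
        printf("size=%zu before=%d after=%d warnings=%d\n",
               sizes[i], before, after, warn_count);
    }
    return 0;
}
```

Only the zero-sized call differs between the two paths: the earlier one lets it reach the transmit assertion, the later one returns an error to the caller first.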

The resolution demonstrates how kernel-level protocol implementations must maintain consistent validation standards across different networking layers to prevent similar issues from propagating through the system. The fix reinforces the importance of input sanitization and proper error handling in kernel space operations, particularly for wireless communication protocols that may receive untrusted data from remote network participants. Organizations deploying systems with ieee802154 support should prioritize applying this patch to maintain system stability and prevent potential exploitation scenarios that could compromise network availability or system integrity.

Responsible

Linux

Reservation

09/17/2025

Disclosure

09/18/2025

Moderation

revoked

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources
