Security readout for executives and security teams
Plain-English summary
CVE-2022-50073 is a Linux kernel bug in TAP networking. In affected kernels, a crafted or malformed path through virtual networking can hit a NULL pointer and crash kernel code. The business impact is most likely availability loss on systems using TAP or vhost-based virtual networking, but the public data does not provide a CVSS score.
Executive priority
Prioritize as a stability and availability risk for virtualization or network infrastructure. Because severity, exploitation, and privilege requirements are not established in the provided sources, handle through normal kernel patch governance unless local exposure to TAP/vhost workloads is high.
Technical view
The flaw occurs when tap_get_user calls virtio_net_hdr_to_skb before skb->dev is set. virtio_net_hdr_to_skb reaches dev_parse_header_protocol, which dereferences skb->dev and can trigger a kernel NULL pointer dereference. Kernel stable commits set skb->dev earlier in tap.c to resolve the crash condition.
Likely exposure
Exposure is most relevant to Linux systems using the kernel TAP driver and virtual networking paths such as vhost_net. The source bundle lists Linux kernel versions and stable commit references, but distribution-specific affected and fixed package versions are not provided.
Exploitation context
The bundle shows a kernel crash trace and marks CISA KEV as false. No cited source states active exploitation, public exploit availability, remote reachability, or privilege requirements. Treat exploitability details as incomplete until vendor or distribution advisories clarify them.
Researcher notes
Key evidence is the upstream kernel description and stable commit references. The affected-version data is not enough to map every distribution kernel safely. Further analysis should focus on commit ancestry, distro backports, and whether untrusted actors can reach TAP send paths in the target environment.
Mitigation direction
Update to a Linux kernel build containing the referenced stable fixes.
Check distribution advisories for CVE-2022-50073 backport status.
Prioritize hosts using TAP or vhost-based virtual networking.
Avoid assuming unaffected status from upstream versions alone; verify packaged kernels.
Validation and detection
Inventory Linux kernel versions across virtualized and networking-heavy hosts.
Check whether deployed kernels include the referenced stable commits.
Review crash logs for NULL dereferences in virtio_net_hdr_to_skb or tap_get_user.
Confirm distribution security trackers map your package version to this CVE.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2022-50073 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
0CVSS vectors
3Timeline events
0ADP providers
5Source links
Vulnerability timeline
Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.
CVE reservedCVE Program
The CVE ID was reserved by the assigning CNA.
CVE publishedCVE Program
The CVE record was published.
Jun 18, 2025, 11:02 UTC (UTC+00:00)
CVE updatedCVE Program
The CVE record metadata indicates this as the latest update time.