CVE-2022-49573

Summary

In the Linux kernel, the following vulnerability has been resolved:

tcp: Fix a data-race around sysctl_tcp_early_retrans.

While reading sysctl_tcp_early_retrans, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxeed530b6c67624db3f2cf477bac7c4d005d8f7ba < 488d3ad98ef7cddce7054193dbae6b4349c6807daffected
LinuxLinuxeed530b6c67624db3f2cf477bac7c4d005d8f7ba < 83767fe800a311370330d4ec83aa76093b744a80affected
LinuxLinuxeed530b6c67624db3f2cf477bac7c4d005d8f7ba < 11e8b013d16e5db63f8f76acceb5b86964098aaaaffected
LinuxLinuxeed530b6c67624db3f2cf477bac7c4d005d8f7ba < 5037ca9e4b169cc9aed0174d658c3d81fdaf8ea5affected
LinuxLinuxeed530b6c67624db3f2cf477bac7c4d005d8f7ba < d5975f6376ce90c2c483ae36bf88c9cface4c13baffected
LinuxLinuxeed530b6c67624db3f2cf477bac7c4d005d8f7ba < 52e65865deb6a36718a463030500f16530eaab74affected
LinuxLinux3.5affected
LinuxLinux0 < 3.5unaffected
LinuxLinux4.19.254 <= 4.19.*unaffected
LinuxLinux5.4.208 <= 5.4.*unaffected
LinuxLinux5.10.134 <= 5.10.*unaffected
LinuxLinux5.15.58 <= 5.15.*unaffected
LinuxLinux5.18.15 <= 5.18.*unaffected
LinuxLinux5.19 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References