CVE-2022-49575

Summary

In the Linux kernel, the following vulnerability has been resolved:

tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts.

While reading sysctl_tcp_thin_linear_timeouts, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux36e31b0af58728071e8023cf8e20c5166b700717 < f4b0295be9a3c4260de4585fac4062e602a88ac7affected
LinuxLinux36e31b0af58728071e8023cf8e20c5166b700717 < 492f3713b282c0e67e951cd804edd22eccc25412affected
LinuxLinux36e31b0af58728071e8023cf8e20c5166b700717 < cc133e4f4bc225079198192623945bb872c08143affected
LinuxLinux36e31b0af58728071e8023cf8e20c5166b700717 < 404c53ccdebd11f96954f4070cffac8e0b4d5cb6affected
LinuxLinux36e31b0af58728071e8023cf8e20c5166b700717 < a0f96c4f179cb3560078cefccef105e8f1701210affected
LinuxLinux36e31b0af58728071e8023cf8e20c5166b700717 < 7c6f2a86ca590d5187a073d987e9599985fb1c7caffected
LinuxLinux2.6.34affected
LinuxLinux0 < 2.6.34unaffected
LinuxLinux4.19.254 <= 4.19.*unaffected
LinuxLinux5.4.208 <= 5.4.*unaffected
LinuxLinux5.10.134 <= 5.10.*unaffected
LinuxLinux5.15.58 <= 5.15.*unaffected
LinuxLinux5.18.15 <= 5.18.*unaffected
LinuxLinux5.19 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References