CVE-2022-49577

Summary

In the Linux kernel, the following vulnerability has been resolved:

udp: Fix a data-race around sysctl_udp_l3mdev_accept.

While reading sysctl_udp_l3mdev_accept, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux63a6fff353d01da5a22b72670c434bf12fa0e3b8 < f39b03bd727a8fea62e82f10fe2e0d753b9930ffaffected
LinuxLinux63a6fff353d01da5a22b72670c434bf12fa0e3b8 < fcaef69c79ec222e55643e666b80b221e70fa6a8affected
LinuxLinux63a6fff353d01da5a22b72670c434bf12fa0e3b8 < 3f2ac2d6511bb0652abf4d7388d65bb9ff1c641caffected
LinuxLinux63a6fff353d01da5a22b72670c434bf12fa0e3b8 < cb0d28934ca10f99c47e2c6f451405d6c954fe48affected
LinuxLinux63a6fff353d01da5a22b72670c434bf12fa0e3b8 < 3d72bb4188c708bb16758c60822fc4dda7a95174affected
LinuxLinux4.11affected
LinuxLinux0 < 4.11unaffected
LinuxLinux5.4.208 <= 5.4.*unaffected
LinuxLinux5.10.134 <= 5.10.*unaffected
LinuxLinux5.15.58 <= 5.15.*unaffected
LinuxLinux5.18.15 <= 5.18.*unaffected
LinuxLinux5.19 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References