CVE-2022-49578

Summary

In the Linux kernel, the following vulnerability has been resolved:

ip: Fix data-races around sysctl_ip_prot_sock.

sysctl_ip_prot_sock is accessed concurrently, and there is always a chance of data-race. So, all readers and writers need some basic protection to avoid load/store-tearing.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux4548b683b78137f8eadeb312b94e20bb0d4a7141 < 9add240f76af6d141d2eebd3a1558a0e503a993daffected
LinuxLinux4548b683b78137f8eadeb312b94e20bb0d4a7141 < 95724fe897a4ecf2be51452ef96e818568071664affected
LinuxLinux4548b683b78137f8eadeb312b94e20bb0d4a7141 < ef699813d99cc29e6e25c9f6da7766526cc8bd6eaffected
LinuxLinux4548b683b78137f8eadeb312b94e20bb0d4a7141 < 9b55c20f83369dd54541d9ddbe3a018a8377f451affected
LinuxLinux4.11affected
LinuxLinux0 < 4.11unaffected
LinuxLinux5.10.134 <= 5.10.*unaffected
LinuxLinux5.15.58 <= 5.15.*unaffected
LinuxLinux5.18.15 <= 5.18.*unaffected
LinuxLinux5.19 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References