CVE-2022-49580

Summary

In the Linux kernel, the following vulnerability has been resolved:

ipv4: Fix a data-race around sysctl_fib_multipath_use_neigh.

While reading sysctl_fib_multipath_use_neigh, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxa6db4494d218c2e559173661ee972e048dc04fdd < 6727f39e99e0f545d815edebb6c94228485427ecaffected
LinuxLinuxa6db4494d218c2e559173661ee972e048dc04fdd < e045d672ba06e1d35bacb56374d350de0ac99066affected
LinuxLinuxa6db4494d218c2e559173661ee972e048dc04fdd < b8d345db03b4deffb4f04219a51d3b1e94171b76affected
LinuxLinuxa6db4494d218c2e559173661ee972e048dc04fdd < 14e996577ed2799a1ed6ffeb71c76d63acb28444affected
LinuxLinuxa6db4494d218c2e559173661ee972e048dc04fdd < 87507bcb4f5de16bb419e9509d874f4db6c0ad0faffected
LinuxLinux4.7affected
LinuxLinux0 < 4.7unaffected
LinuxLinux5.4.208 <= 5.4.*unaffected
LinuxLinux5.10.134 <= 5.10.*unaffected
LinuxLinux5.15.58 <= 5.15.*unaffected
LinuxLinux5.18.15 <= 5.18.*unaffected
LinuxLinux5.19 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References