CVE-2022-49585

Summary

In the Linux kernel, the following vulnerability has been resolved:

tcp: Fix data-races around sysctl_tcp_fastopen_blackhole_timeout.

While reading sysctl_tcp_fastopen_blackhole_timeout, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxcf1ef3f0719b4dcb74810ed507e2a2540f9811b4 < 0dc2f19d8c2636cebda7976b5ea40c6d69f0d891affected
LinuxLinuxcf1ef3f0719b4dcb74810ed507e2a2540f9811b4 < a77a75a0e7f397550ab039f96115103e78dd5c69affected
LinuxLinuxcf1ef3f0719b4dcb74810ed507e2a2540f9811b4 < 8afa5604e295046c02b79ccf9e2bbbf8d969d60eaffected
LinuxLinuxcf1ef3f0719b4dcb74810ed507e2a2540f9811b4 < 021266ec640c7a4527e6cd4b7349a512b351de1daffected
LinuxLinux4.12affected
LinuxLinux0 < 4.12unaffected
LinuxLinux5.10.134 <= 5.10.*unaffected
LinuxLinux5.15.58 <= 5.15.*unaffected
LinuxLinux5.18.15 <= 5.18.*unaffected
LinuxLinux5.19 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References