CVE-2022-49588

Summary

In the Linux kernel, the following vulnerability has been resolved:

tcp: Fix data-races around sysctl_tcp_migrate_req.

While reading sysctl_tcp_migrate_req, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxf9ac779f881c2ec3d1cdcd7fa9d4f9442bf60e80 < fcf6c6d8aeffebca66f37b17ef1b57112e5e09c1affected
LinuxLinuxf9ac779f881c2ec3d1cdcd7fa9d4f9442bf60e80 < 6e569a11eea20a1ccebc3c4e6366bf0574a449e1affected
LinuxLinuxf9ac779f881c2ec3d1cdcd7fa9d4f9442bf60e80 < 4177f545895b1da08447a80692f30617154efa6eaffected
LinuxLinuxcf6c06ac74879726c88fe1ec013727006cdbdd58affected
LinuxLinux5.10.188 < 5.11affected
LinuxLinux5.14affected
LinuxLinux0 < 5.14unaffected
LinuxLinux5.15.58 <= 5.15.*unaffected
LinuxLinux5.18.15 <= 5.18.*unaffected
LinuxLinux5.19 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References