CVE-2022-49594

Summary

In the Linux kernel, the following vulnerability has been resolved:

tcp: Fix a data-race around sysctl_tcp_mtu_probe_floor.

While reading sysctl_tcp_mtu_probe_floor, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxc04b79b6cfd714144f6a2cf359603d82ee631e62 < 033963b220633ed1602d458e7e4ac06afa9fefb2affected
LinuxLinuxc04b79b6cfd714144f6a2cf359603d82ee631e62 < d5bece4df6090395f891110ef52a6f82d16685dbaffected
LinuxLinuxc04b79b6cfd714144f6a2cf359603d82ee631e62 < cc36c37f5fe066c4708e623ead96dc8f57224bf5affected
LinuxLinuxc04b79b6cfd714144f6a2cf359603d82ee631e62 < e2ecbf3f0aa88277d43908c53b99399d55729ff9affected
LinuxLinuxc04b79b6cfd714144f6a2cf359603d82ee631e62 < 8e92d4423615a5257d0d871fc067aa561f597debaffected
LinuxLinux5.4affected
LinuxLinux0 < 5.4unaffected
LinuxLinux5.4.208 <= 5.4.*unaffected
LinuxLinux5.10.134 <= 5.10.*unaffected
LinuxLinux5.15.58 <= 5.15.*unaffected
LinuxLinux5.18.15 <= 5.18.*unaffected
LinuxLinux5.19 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References