CVE-2022-49595

Summary

In the Linux kernel, the following vulnerability has been resolved:

tcp: Fix a data-race around sysctl_tcp_probe_threshold.

While reading sysctl_tcp_probe_threshold, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux6b58e0a5f32dedb609438bb9c9c82aa6e23381f2 < 9b5dc7ad6da1373d3c60d4b869d688f996e5d219affected
LinuxLinux6b58e0a5f32dedb609438bb9c9c82aa6e23381f2 < 44768749980d53bc01980d9c060f736808d11af0affected
LinuxLinux6b58e0a5f32dedb609438bb9c9c82aa6e23381f2 < 96900fa61777402eb5056269d8000aace33a8b6caffected
LinuxLinux6b58e0a5f32dedb609438bb9c9c82aa6e23381f2 < b04817c94fbd285a967d9b830b274fe9998c9c0baffected
LinuxLinux6b58e0a5f32dedb609438bb9c9c82aa6e23381f2 < d452ce36f2d4c402fa3f5275c9677f80166e7fc6affected
LinuxLinux6b58e0a5f32dedb609438bb9c9c82aa6e23381f2 < f524c3e7f6cdad66b3b6a912cef47b656f8b0de3affected
LinuxLinux6b58e0a5f32dedb609438bb9c9c82aa6e23381f2 < fa5fb2cf9393db898772db8cb897ed5fd265eb78affected
LinuxLinux6b58e0a5f32dedb609438bb9c9c82aa6e23381f2 < 92c0aa4175474483d6cf373314343d4e624e882aaffected
LinuxLinux4.1affected
LinuxLinux0 < 4.1unaffected
LinuxLinux4.9.325 <= 4.9.*unaffected
LinuxLinux4.14.290 <= 4.14.*unaffected
LinuxLinux4.19.254 <= 4.19.*unaffected
LinuxLinux5.4.208 <= 5.4.*unaffected
LinuxLinux5.10.134 <= 5.10.*unaffected
LinuxLinux5.15.58 <= 5.15.*unaffected
LinuxLinux5.18.15 <= 5.18.*unaffected
LinuxLinux5.19 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References