CVE-2022-49597

Summary

In the Linux kernel, the following vulnerability has been resolved:

tcp: Fix data-races around sysctl_tcp_base_mss.

While reading sysctl_tcp_base_mss, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux5d424d5a674f782d0659a3b66d951f412901faee < 30b73edc1d2459ba2c71cb58fbf84a1a6e640fbfaffected
LinuxLinux5d424d5a674f782d0659a3b66d951f412901faee < 514d2254c7b8aa2d257f5ffc79f0d96be2d6bfdaaffected
LinuxLinux5d424d5a674f782d0659a3b66d951f412901faee < 4d7dea651b7fe0322be95054f64e3711afccc543affected
LinuxLinux5d424d5a674f782d0659a3b66d951f412901faee < 9ca18116bc16ec31b9a3ce28ea1350badfa36128affected
LinuxLinux5d424d5a674f782d0659a3b66d951f412901faee < 88d78bc097cd8ebc6541e93316c9d9bf651b13e8affected
LinuxLinux2.6.17affected
LinuxLinux0 < 2.6.17unaffected
LinuxLinux5.4.208 <= 5.4.*unaffected
LinuxLinux5.10.134 <= 5.10.*unaffected
LinuxLinux5.15.58 <= 5.15.*unaffected
LinuxLinux5.18.15 <= 5.18.*unaffected
LinuxLinux5.19 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References