CVE-2022-49598
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
tcp: Fix data-races around sysctl_tcp_mtu_probing.
While reading sysctl_tcp_mtu_probing, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 5d424d5a674f782d0659a3b66d951f412901faee < 7e8fc428a7f680f1c4994a40e52d7f95a9a93038 | affected |
| Linux | Linux | 5d424d5a674f782d0659a3b66d951f412901faee < f966773e13cdd3f12baa90071b7b660f6c633ccb | affected |
| Linux | Linux | 5d424d5a674f782d0659a3b66d951f412901faee < 77a04845f0d28a3561494a5f3121488470a968a4 | affected |
| Linux | Linux | 5d424d5a674f782d0659a3b66d951f412901faee < aabe9438fdfe004e021d5a206227ec105dbe2416 | affected |
| Linux | Linux | 5d424d5a674f782d0659a3b66d951f412901faee < b0920ca09d9ce19980c8391b9002455baa9c1417 | affected |
| Linux | Linux | 5d424d5a674f782d0659a3b66d951f412901faee < f47d00e077e7d61baf69e46dde3210c886360207 | affected |
| Linux | Linux | 2.6.17 | affected |
| Linux | Linux | 0 < 2.6.17 | unaffected |
| Linux | Linux | 4.19.254 <= 4.19.* | unaffected |
| Linux | Linux | 5.4.208 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.134 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.58 <= 5.15.* | unaffected |
| Linux | Linux | 5.18.15 <= 5.18.* | unaffected |
| Linux | Linux | 5.19 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/7e8fc428a7f680f1c4994a40e52d7f95a9a93038
- https://git.kernel.org/stable/c/f966773e13cdd3f12baa90071b7b660f6c633ccb
- https://git.kernel.org/stable/c/77a04845f0d28a3561494a5f3121488470a968a4
- https://git.kernel.org/stable/c/aabe9438fdfe004e021d5a206227ec105dbe2416
- https://git.kernel.org/stable/c/b0920ca09d9ce19980c8391b9002455baa9c1417
- https://git.kernel.org/stable/c/f47d00e077e7d61baf69e46dde3210c886360207
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.