CVE-2022-49599

Summary

In the Linux kernel, the following vulnerability has been resolved:

tcp: Fix data-races around sysctl_tcp_l3mdev_accept.

While reading sysctl_tcp_l3mdev_accept, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux6dd9a14e92e54895e143f10fef4d0b9abe109aa9 < 1d9c81833dec46ccb52a1d0db970fefb7c4fa071affected
LinuxLinux6dd9a14e92e54895e143f10fef4d0b9abe109aa9 < 9ba9cd43b5776c27d25e5a32dde9e80bdeb1c6a1affected
LinuxLinux6dd9a14e92e54895e143f10fef4d0b9abe109aa9 < 7d38d86b818104cf88961f3aebea34da89364a8eaffected
LinuxLinux6dd9a14e92e54895e143f10fef4d0b9abe109aa9 < 08a75f10679470552a3a443f9aefd1399604d31daffected
LinuxLinux4.5affected
LinuxLinux0 < 4.5unaffected
LinuxLinux5.10.137 <= 5.10.*unaffected
LinuxLinux5.15.58 <= 5.15.*unaffected
LinuxLinux5.18.15 <= 5.18.*unaffected
LinuxLinux5.19 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References