CVE-2022-49600

Summary

In the Linux kernel, the following vulnerability has been resolved:

ip: Fix a data-race around sysctl_ip_autobind_reuse.

While reading sysctl_ip_autobind_reuse, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux4b01a9674231a97553a55456d883f584e948a78d < 611ba70e5aca252ef43374dda97ed4cf1c47a07caffected
LinuxLinux4b01a9674231a97553a55456d883f584e948a78d < 87ceaa199a72c5856d49a030941fabcd5c3928d4affected
LinuxLinux4b01a9674231a97553a55456d883f584e948a78d < fa7cdcf9b28d13aac1eeb34b948db8a18e041341affected
LinuxLinux4b01a9674231a97553a55456d883f584e948a78d < 0db232765887d9807df8bcb7b6f29b2871539eabaffected
LinuxLinux5.7affected
LinuxLinux0 < 5.7unaffected
LinuxLinux5.10.134 <= 5.10.*unaffected
LinuxLinux5.15.58 <= 5.15.*unaffected
LinuxLinux5.18.15 <= 5.18.*unaffected
LinuxLinux5.19 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References