CVE-2022-49601

Summary

In the Linux kernel, the following vulnerability has been resolved:

tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept.

While reading sysctl_tcp_fwmark_accept, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux84f39b08d7868ce10eeaf640627cb89777f0ae93 < 13207f9485b5de68decf296ceb0046f5eabb2485affected
LinuxLinux84f39b08d7868ce10eeaf640627cb89777f0ae93 < 45fc82706a97242539d6b841ddd7a077ec20757baffected
LinuxLinux84f39b08d7868ce10eeaf640627cb89777f0ae93 < abf70de2ec026ae8d7da4e79bec61888a880e00baffected
LinuxLinux84f39b08d7868ce10eeaf640627cb89777f0ae93 < a7386602a2fe2f6192477e8ede291a815da09d81affected
LinuxLinux84f39b08d7868ce10eeaf640627cb89777f0ae93 < d4f65615db7fca3df9f7e79eadf937e6ddb03c54affected
LinuxLinux84f39b08d7868ce10eeaf640627cb89777f0ae93 < bf3134feffe61b7a0e21f60a04743f8da0958b53affected
LinuxLinux84f39b08d7868ce10eeaf640627cb89777f0ae93 < 526d8cf8824f613c72dba2155542295e70135f62affected
LinuxLinux84f39b08d7868ce10eeaf640627cb89777f0ae93 < 1a0008f9df59451d0a17806c1ee1a19857032fa8affected
LinuxLinux3.16affected
LinuxLinux0 < 3.16unaffected
LinuxLinux4.9.325 <= 4.9.*unaffected
LinuxLinux4.14.290 <= 4.14.*unaffected
LinuxLinux4.19.254 <= 4.19.*unaffected
LinuxLinux5.4.208 <= 5.4.*unaffected
LinuxLinux5.10.134 <= 5.10.*unaffected
LinuxLinux5.15.58 <= 5.15.*unaffected
LinuxLinux5.18.15 <= 5.18.*unaffected
LinuxLinux5.19 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References