CVE-2022-49604

Summary

In the Linux kernel, the following vulnerability has been resolved:

ip: Fix data-races around sysctl_ip_fwd_use_pmtu.

While reading sysctl_ip_fwd_use_pmtu, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxf87c10a8aa1e82498c42d0335524d6ae7cf5a52b < eb15262128b793e4b1d1c4514d3e6d19c3959764affected
LinuxLinuxf87c10a8aa1e82498c42d0335524d6ae7cf5a52b < 7828309df0f89419a9349761a37c7d1b0da45697affected
LinuxLinuxf87c10a8aa1e82498c42d0335524d6ae7cf5a52b < b96ed5ccb09ae71103023ed13acefb194f609794affected
LinuxLinuxf87c10a8aa1e82498c42d0335524d6ae7cf5a52b < 93fbc06da1d819f3981a7bd7928c3641ea67b364affected
LinuxLinuxf87c10a8aa1e82498c42d0335524d6ae7cf5a52b < e364b5f6ffbfc457a997ad09a7baa16c19581edcaffected
LinuxLinuxf87c10a8aa1e82498c42d0335524d6ae7cf5a52b < 60c158dc7b1f0558f6cadd5b50d0386da0000d50affected
LinuxLinux3.14affected
LinuxLinux0 < 3.14unaffected
LinuxLinux4.19.254 <= 4.19.*unaffected
LinuxLinux5.4.208 <= 5.4.*unaffected
LinuxLinux5.10.134 <= 5.10.*unaffected
LinuxLinux5.15.58 <= 5.15.*unaffected
LinuxLinux5.18.15 <= 5.18.*unaffected
LinuxLinux5.19 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References