CVE-2022-49630

Summary

In the Linux kernel, the following vulnerability has been resolved:

tcp: Fix a data-race around sysctl_tcp_ecn_fallback.

While reading sysctl_tcp_ecn_fallback, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux492135557dc090a1abb2cfbe1a412757e3ed68ab < 8bcf7339f2cf70ea4461df6ea045d1aadfabfa11affected
LinuxLinux492135557dc090a1abb2cfbe1a412757e3ed68ab < 1ec3d6c2626ee6e1b36b7bd006873a271406ba61affected
LinuxLinux492135557dc090a1abb2cfbe1a412757e3ed68ab < 12b8d9ca7e678abc48195294494f1815b555d658affected
LinuxLinux4.2affected
LinuxLinux0 < 4.2unaffected
LinuxLinux5.15.56 <= 5.15.*unaffected
LinuxLinux5.18.13 <= 5.18.*unaffected
LinuxLinux5.19 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References