CVE-2022-49637

Summary

In the Linux kernel, the following vulnerability has been resolved:

ipv4: Fix a data-race around sysctl_fib_sync_mem.

While reading sysctl_fib_sync_mem, it can be changed concurrently. So, we need to add READ_ONCE() to avoid a data-race.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux9ab948a91b2c2abc8e82845c0e61f4b1683e3a4f < 7c1acd98fb221dc0d847451b9ab86319f8b9916caffected
LinuxLinux9ab948a91b2c2abc8e82845c0e61f4b1683e3a4f < 418b191d5f223a8cb6cab09eae1f72c04ba6adf2affected
LinuxLinux9ab948a91b2c2abc8e82845c0e61f4b1683e3a4f < 9be8aac91960ea32fd0e874758c9afee665c57d2affected
LinuxLinux9ab948a91b2c2abc8e82845c0e61f4b1683e3a4f < 190cd4ff128373271e065afb20f1d2247b3f10c3affected
LinuxLinux9ab948a91b2c2abc8e82845c0e61f4b1683e3a4f < 73318c4b7dbd0e781aaababff17376b2894745c0affected
LinuxLinux5.2affected
LinuxLinux0 < 5.2unaffected
LinuxLinux5.4.207 <= 5.4.*unaffected
LinuxLinux5.10.132 <= 5.10.*unaffected
LinuxLinux5.15.56 <= 5.15.*unaffected
LinuxLinux5.18.13 <= 5.18.*unaffected
LinuxLinux5.19 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References