CVE-2022-49641

Summary

In the Linux kernel, the following vulnerability has been resolved:

sysctl: Fix data races in proc_douintvec().

A sysctl variable is accessed concurrently, and there is always a chance of data-race. So, all readers and writers need some basic protection to avoid load/store-tearing.

This patch changes proc_douintvec() to use READ_ONCE() and WRITE_ONCE() internally to fix data-races on the sysctl side. For now, proc_douintvec() itself is tolerant to a data-race, but we still need to add annotations on the other subsystem's side.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxe7d316a02f683864a12389f8808570e37fb90aa3 < d5d54714e329f646bd7af4994fc427d88ee68936affected
LinuxLinuxe7d316a02f683864a12389f8808570e37fb90aa3 < d335db59f7fb3353f56e52371f1ee796ae9c8f09affected
LinuxLinuxe7d316a02f683864a12389f8808570e37fb90aa3 < 630c76850d554d7140232e71b5d1663e88cffb54affected
LinuxLinuxe7d316a02f683864a12389f8808570e37fb90aa3 < 4762b532ec9539755aab61445d5da6e1926ccb99affected
LinuxLinux70cd763eb1574cac07138be91f474a661e02d694affected
LinuxLinuxf4cea51e9a3d536e2ca2b74a958f7c0b4ea733c3affected
LinuxLinux4.4.24 < 4.5affected
LinuxLinux4.7.7 < 4.8affected
LinuxLinux4.8affected
LinuxLinux0 < 4.8unaffected
LinuxLinux5.10.132 <= 5.10.*unaffected
LinuxLinux5.15.56 <= 5.15.*unaffected
LinuxLinux5.18.13 <= 5.18.*unaffected
LinuxLinux5.19 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References