CVE-2022-49587

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_notsent_lowat. While reading sysctl_tcp_notsent_lowat, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader.

CVSS v3 4.7 MEDIUM

4.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/0f75343584ee474303e17efe0610bdd170af1d13	Patch
https://git.kernel.org/stable/c/55be873695ed8912eb77ff46d1d1cadf028bd0f3	Patch
https://git.kernel.org/stable/c/62e56cfeb2ae4b53ae9ca24c80f54093250ce64a	Patch
https://git.kernel.org/stable/c/80d4d0c461674eea87f0977e12a2ecd334b9b79c	Patch
https://git.kernel.org/stable/c/91e21df688f8a75255ca9c459da39ac96300113a	Patch
https://git.kernel.org/stable/c/c1b85c5a34294f7444c13bf828e0e84b0a0eed85	Patch
https://git.kernel.org/stable/c/e9362a993886613ef0284c2a4911c6017c97d803	Patch
https://git.kernel.org/stable/c/fd6f1284e380c377932186042ff0b5c987fb2b92	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:5.19:rc1::::::
	cpe:2.3:o:linux:linux_kernel:5.19:rc2::::::
	cpe:2.3:o:linux:linux_kernel:5.19:rc3::::::
	cpe:2.3:o:linux:linux_kernel:5.19:rc4::::::
	cpe:2.3:o:linux:linux_kernel:5.19:rc5::::::
	cpe:2.3:o:linux:linux_kernel:5.19:rc6::::::
	cpe:2.3:o:linux:linux_kernel:5.19:rc7::::::

History

10 Mar 2025, 20:23

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/0f75343584ee474303e17efe0610bdd170af1d13 -~~	() https://git.kernel.org/stable/c/0f75343584ee474303e17efe0610bdd170af1d13 - Patch
References	~~() https://git.kernel.org/stable/c/55be873695ed8912eb77ff46d1d1cadf028bd0f3 -~~	() https://git.kernel.org/stable/c/55be873695ed8912eb77ff46d1d1cadf028bd0f3 - Patch
References	~~() https://git.kernel.org/stable/c/62e56cfeb2ae4b53ae9ca24c80f54093250ce64a -~~	() https://git.kernel.org/stable/c/62e56cfeb2ae4b53ae9ca24c80f54093250ce64a - Patch
References	~~() https://git.kernel.org/stable/c/80d4d0c461674eea87f0977e12a2ecd334b9b79c -~~	() https://git.kernel.org/stable/c/80d4d0c461674eea87f0977e12a2ecd334b9b79c - Patch
References	~~() https://git.kernel.org/stable/c/91e21df688f8a75255ca9c459da39ac96300113a -~~	() https://git.kernel.org/stable/c/91e21df688f8a75255ca9c459da39ac96300113a - Patch
References	~~() https://git.kernel.org/stable/c/c1b85c5a34294f7444c13bf828e0e84b0a0eed85 -~~	() https://git.kernel.org/stable/c/c1b85c5a34294f7444c13bf828e0e84b0a0eed85 - Patch
References	~~() https://git.kernel.org/stable/c/e9362a993886613ef0284c2a4911c6017c97d803 -~~	() https://git.kernel.org/stable/c/e9362a993886613ef0284c2a4911c6017c97d803 - Patch
References	~~() https://git.kernel.org/stable/c/fd6f1284e380c377932186042ff0b5c987fb2b92 -~~	() https://git.kernel.org/stable/c/fd6f1284e380c377932186042ff0b5c987fb2b92 - Patch
CPE		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:5.19:rc4:::::: cpe:2.3:o:linux:linux_kernel:5.19:rc5:::::: cpe:2.3:o:linux:linux_kernel:5.19:rc7:::::: cpe:2.3:o:linux:linux_kernel:5.19:rc6:::::: cpe:2.3:o:linux:linux_kernel:5.19:rc2:::::: cpe:2.3:o:linux:linux_kernel:5.19:rc3:::::: cpe:2.3:o:linux:linux_kernel:5.19:rc1::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.7
CWE		CWE-362
First Time		Linux linux Kernel Linux
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tcp: Se ha corregido una ejecución de datos en torno a sysctl_tcp_notsent_lowat. Al leer sysctl_tcp_notsent_lowat, se puede modificar simultáneamente. Por lo tanto, debemos agregar READ_ONCE() a su lector.

26 Feb 2025, 07:01

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-26 07:01

Updated : 2025-03-10 20:23

NVD link : CVE-2022-49587

Mitre link : CVE-2022-49587

CVE.ORG link : CVE-2022-49587

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

4.7 /10