CVE-2022-49590

In the Linux kernel, the following vulnerability has been resolved: igmp: Fix data-races around sysctl_igmp_llm_reports. While reading sysctl_igmp_llm_reports, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers. This test can be packed into a helper, so such changes will be in the follow-up series after net is merged into net-next. if (ipv4_is_local_multicast(pmc->multiaddr) && !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports))

CVSS v3 4.7 MEDIUM

4.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/1656ecaddf90e2a070ec2d2404cdae3edf80faca	Mailing List Patch
https://git.kernel.org/stable/c/260446eb8e5541402b271343a4516f2b33dec1e4	Mailing List Patch
https://git.kernel.org/stable/c/46307adceb67bdf2ec38408dd9cebc378a6b5c46	Mailing List Patch
https://git.kernel.org/stable/c/473aad9ad57ff760005377e6f45a2ad4210e08ce	Mailing List Patch
https://git.kernel.org/stable/c/a84b4afaca2573ed3aed1f8854aefe3ca5a82e72	Mailing List Patch
https://git.kernel.org/stable/c/d77969e7d4ccc26bf1f414a39ef35050a83ba6d5	Mailing List Patch
https://git.kernel.org/stable/c/ed876e99ccf417b8bd7fd8408ba5e8b008e46cc8	Mailing List Patch
https://git.kernel.org/stable/c/f6da2267e71106474fbc0943dc24928b9cb79119	Mailing List Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:5.19:rc1::::::
	cpe:2.3:o:linux:linux_kernel:5.19:rc2::::::
	cpe:2.3:o:linux:linux_kernel:5.19:rc3::::::
	cpe:2.3:o:linux:linux_kernel:5.19:rc4::::::
	cpe:2.3:o:linux:linux_kernel:5.19:rc5::::::
	cpe:2.3:o:linux:linux_kernel:5.19:rc6::::::
	cpe:2.3:o:linux:linux_kernel:5.19:rc7::::::

History

10 Mar 2025, 20:23

Type	Values Removed	Values Added
CPE		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:5.19:rc4:::::: cpe:2.3:o:linux:linux_kernel:5.19:rc5:::::: cpe:2.3:o:linux:linux_kernel:5.19:rc7:::::: cpe:2.3:o:linux:linux_kernel:5.19:rc6:::::: cpe:2.3:o:linux:linux_kernel:5.19:rc2:::::: cpe:2.3:o:linux:linux_kernel:5.19:rc3:::::: cpe:2.3:o:linux:linux_kernel:5.19:rc1::::::
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: igmp: Se corrigen las ejecuciones de datos en torno a sysctl_igmp_llm_reports. Al leer sysctl_igmp_llm_reports, se puede cambiar simultáneamente. Por lo tanto, debemos agregar READ_ONCE() a sus lectores. Esta prueba se puede empaquetar en un asistente, por lo que dichos cambios estarán en la serie de seguimiento después de que net se fusione con net-next. if (ipv4_is_local_multicast(pmc->multiaddr) && !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports))
References	~~() https://git.kernel.org/stable/c/1656ecaddf90e2a070ec2d2404cdae3edf80faca -~~	() https://git.kernel.org/stable/c/1656ecaddf90e2a070ec2d2404cdae3edf80faca - Mailing List, Patch
References	~~() https://git.kernel.org/stable/c/260446eb8e5541402b271343a4516f2b33dec1e4 -~~	() https://git.kernel.org/stable/c/260446eb8e5541402b271343a4516f2b33dec1e4 - Mailing List, Patch
References	~~() https://git.kernel.org/stable/c/46307adceb67bdf2ec38408dd9cebc378a6b5c46 -~~	() https://git.kernel.org/stable/c/46307adceb67bdf2ec38408dd9cebc378a6b5c46 - Mailing List, Patch
References	~~() https://git.kernel.org/stable/c/473aad9ad57ff760005377e6f45a2ad4210e08ce -~~	() https://git.kernel.org/stable/c/473aad9ad57ff760005377e6f45a2ad4210e08ce - Mailing List, Patch
References	~~() https://git.kernel.org/stable/c/a84b4afaca2573ed3aed1f8854aefe3ca5a82e72 -~~	() https://git.kernel.org/stable/c/a84b4afaca2573ed3aed1f8854aefe3ca5a82e72 - Mailing List, Patch
References	~~() https://git.kernel.org/stable/c/d77969e7d4ccc26bf1f414a39ef35050a83ba6d5 -~~	() https://git.kernel.org/stable/c/d77969e7d4ccc26bf1f414a39ef35050a83ba6d5 - Mailing List, Patch
References	~~() https://git.kernel.org/stable/c/ed876e99ccf417b8bd7fd8408ba5e8b008e46cc8 -~~	() https://git.kernel.org/stable/c/ed876e99ccf417b8bd7fd8408ba5e8b008e46cc8 - Mailing List, Patch
References	~~() https://git.kernel.org/stable/c/f6da2267e71106474fbc0943dc24928b9cb79119 -~~	() https://git.kernel.org/stable/c/f6da2267e71106474fbc0943dc24928b9cb79119 - Mailing List, Patch
CWE		CWE-362
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.7
First Time		Linux linux Kernel Linux

26 Feb 2025, 07:01

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-26 07:01

Updated : 2025-03-10 20:23

NVD link : CVE-2022-49590

Mitre link : CVE-2022-49590

CVE.ORG link : CVE-2022-49590

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

4.7 /10