CVE-2022-49578

ip: Fix data-races around sysctl_ip_prot_sock.

Severity Score

4.7

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

MITRE
TN

In the Linux kernel, the following vulnerability has been resolved: ip: Fix data-races around sysctl_ip_prot_sock. sysctl_ip_prot_sock is accessed concurrently, and there is always a chance
of data-race. So, all readers and writers need some basic protection to
avoid load/store-tearing.

In the Linux kernel, the following vulnerability has been resolved: ip: Fix data-races around sysctl_ip_prot_sock. sysctl_ip_prot_sock is accessed concurrently, and there is always a chance of data-race. So, all readers and writers need some basic protection to avoid load/store-tearing.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-02-26 CVE Reserved
2025-02-26 CVE Published
2025-02-26 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CAPEC

References (7)

URL	Tag	Source
https://git.kernel.org/stable/c/4548b683b78137f8eadeb312b94e20bb0d4a7141	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/9add240f76af6d141d2eebd3a1558a0e503a993d	2022-07-29
https://git.kernel.org/stable/c/95724fe897a4ecf2be51452ef96e818568071664	2022-07-29
https://git.kernel.org/stable/c/ef699813d99cc29e6e25c9f6da7766526cc8bd6e	2022-07-29
https://git.kernel.org/stable/c/9b55c20f83369dd54541d9ddbe3a018a8377f451	2022-07-20

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2022-49578	2023-05-09
https://bugzilla.redhat.com/show_bug.cgi?id=2347713	2023-05-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.11 < 5.10.134 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.11 < 5.10.134"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.11 < 5.15.58 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.11 < 5.15.58"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.11 < 5.18.15 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.11 < 5.18.15"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.11 < 5.19 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.11 < 5.19"		en		Affected