CVE-2022-49589

igmp: Fix data-races around sysctl_igmp_qrv.

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

MITRE
TN

In the Linux kernel, the following vulnerability has been resolved: igmp: Fix data-races around sysctl_igmp_qrv. While reading sysctl_igmp_qrv, it can be changed concurrently.
Thus, we need to add READ_ONCE() to its readers. This test can be packed into a helper, so such changes will be in the
follow-up series after net is merged into net-next. qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv);

In the Linux kernel, the following vulnerability has been resolved: igmp: Fix data-races around sysctl_igmp_qrv. While reading sysctl_igmp_qrv, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers. This test can be packed into a helper, so such changes will be in the follow-up series after net is merged into net-next. qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv);

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-02-26 CVE Reserved
2025-02-26 CVE Published
2025-02-26 CVE Updated
---------- EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (7)

URL	Tag	Source
https://git.kernel.org/stable/c/a9fe8e29945d56f35235a3a0fba99b4cf181d211	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/9eeb3a7702998bdccbfcc37997b5dd9215b9a7f7	2022-08-11
https://git.kernel.org/stable/c/e20dd1b0e0ea15bee1e528536a0840dba972ca0e	2022-08-03
https://git.kernel.org/stable/c/b399ffafffba39f47b731b26a5da1dc0ffc4b3ad	2022-08-03
https://git.kernel.org/stable/c/c721324afc589f8ea54bae04756b150aeaae5fa4	2022-08-03
https://git.kernel.org/stable/c/c2954671010cd1127d1ffa328c6e6f8e99930982	2022-07-29
https://git.kernel.org/stable/c/8ebcc62c738f68688ee7c6fec2efe5bc6d3d7e60	2022-07-18

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.18 < 4.19.255 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.18 < 4.19.255"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.18 < 5.4.209 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.18 < 5.4.209"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.18 < 5.10.135 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.18 < 5.10.135"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.18 < 5.15.59 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.18 < 5.15.59"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.18 < 5.18.15 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.18 < 5.18.15"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.18 < 5.19 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.18 < 5.19"		en		Affected