CVE-2022-49631

raw: Fix a data-race around sysctl_raw_l3mdev_accept.

Severity Score

4.7

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: raw: Fix a data-race around sysctl_raw_l3mdev_accept. While reading sysctl_raw_l3mdev_accept, it can be changed concurrently.
Thus, we need to add READ_ONCE() to its reader.

A flaw was found in the RAW-IP module in the Linux kernel. A race condition can occur when reading the sysctl_raw_l3mdev_accept resource due to a missing lock, potentially impacting system stability and resulting in a denial of service.

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-02-26 CVE Reserved
2025-02-26 CVE Published
2025-05-04 CVE Updated
2025-06-28 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CAPEC

References (8)

URL	Tag	Source
https://git.kernel.org/stable/c/6897445fb194c8ad046df4a13e1ee9f080a5a21e	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/cc9540ba5b3652c473af7e54892a48cdced87983	2022-07-21
https://git.kernel.org/stable/c/038a87b3e460d2ee579c8b1bd3890d816d6687b1	2022-07-21
https://git.kernel.org/stable/c/46e9c46203fd4676720ddca0fef7eff26826648e	2022-07-21
https://git.kernel.org/stable/c/ab5adca2e17d6595f3fc0e25ccb6bcbe2e01ca4f	2022-07-22
https://git.kernel.org/stable/c/1dace014928e6e385363032d359a04dee9158af0	2022-07-13

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2022-49631	2023-05-09
https://bugzilla.redhat.com/show_bug.cgi?id=2348158	2023-05-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.0 < 5.4.207 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.0 < 5.4.207"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.0 < 5.10.132 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.0 < 5.10.132"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.0 < 5.15.56 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.0 < 5.15.56"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.0 < 5.18.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.0 < 5.18.13"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.0 < 5.19 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.0 < 5.19"		en		Affected