CVE-2022-49637

ipv4: Fix a data-race around sysctl_fib_sync_mem.

Severity Score

4.7

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

MITRE
TN

In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix a data-race around sysctl_fib_sync_mem. While reading sysctl_fib_sync_mem, it can be changed concurrently.
So, we need to add READ_ONCE() to avoid a data-race.

In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix a data-race around sysctl_fib_sync_mem. While reading sysctl_fib_sync_mem, it can be changed concurrently. So, we need to add READ_ONCE() to avoid a data-race.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-02-26 CVE Reserved
2025-02-26 CVE Published
2025-05-04 CVE Updated
2025-06-28 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CAPEC

References (8)

URL	Tag	Source
https://git.kernel.org/stable/c/9ab948a91b2c2abc8e82845c0e61f4b1683e3a4f	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/7c1acd98fb221dc0d847451b9ab86319f8b9916c	2022-07-21
https://git.kernel.org/stable/c/418b191d5f223a8cb6cab09eae1f72c04ba6adf2	2022-07-21
https://git.kernel.org/stable/c/9be8aac91960ea32fd0e874758c9afee665c57d2	2022-07-21
https://git.kernel.org/stable/c/190cd4ff128373271e065afb20f1d2247b3f10c3	2022-07-22
https://git.kernel.org/stable/c/73318c4b7dbd0e781aaababff17376b2894745c0	2022-07-08

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2022-49637	2023-05-09
https://bugzilla.redhat.com/show_bug.cgi?id=2348310	2023-05-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.2 < 5.4.207 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.2 < 5.4.207"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.2 < 5.10.132 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.2 < 5.10.132"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.2 < 5.15.56 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.2 < 5.15.56"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.2 < 5.18.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.2 < 5.18.13"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.2 < 5.19 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.2 < 5.19"		en		Affected