CVE-2022-49641
sysctl: Fix data races in proc_douintvec().
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix data races in proc_douintvec(). A sysctl variable is accessed concurrently, and there is always a chance
of data-race. So, all readers and writers need some basic protection to
avoid load/store-tearing. This patch changes proc_douintvec() to use READ_ONCE() and WRITE_ONCE()
internally to fix data-races on the sysctl side. For now, proc_douintvec()
itself is tolerant to a data-race, but we still need to add annotations on
the other subsystem's side.
In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix data races in proc_douintvec(). A sysctl variable is accessed concurrently, and there is always a chance of data-race. So, all readers and writers need some basic protection to avoid load/store-tearing. This patch changes proc_douintvec() to use READ_ONCE() and WRITE_ONCE() internally to fix data-races on the sysctl side. For now, proc_douintvec() itself is tolerant to a data-race, but we still need to add annotations on the other subsystem's side.
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2025-02-26 CVE Reserved
- 2025-02-26 CVE Published
- 2025-05-04 CVE Updated
- 2025-06-28 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/e7d316a02f683864a12389f8808570e37fb90aa3 | Vuln. Introduced | |
| https://git.kernel.org/stable/c/70cd763eb1574cac07138be91f474a661e02d694 | Vuln. Introduced | |
| https://git.kernel.org/stable/c/f4cea51e9a3d536e2ca2b74a958f7c0b4ea733c3 | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2022-49641 | 2023-05-09 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2347954 | 2023-05-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.8 < 5.10.132 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 5.10.132" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.8 < 5.15.56 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 5.15.56" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.8 < 5.18.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 5.18.13" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.8 < 5.19 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 5.19" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 4.4.24 Search vendor "Linux" for product "Linux Kernel" and version "4.4.24" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 4.7.7 Search vendor "Linux" for product "Linux Kernel" and version "4.7.7" | en |
Affected
| ||||||