Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-49344

Опубликовано: 26 фев. 2025
Источник: redhat
CVSS3: 4.7
EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix a data-race in unix_dgram_peer_wake_me(). unix_dgram_poll() calls unix_dgram_peer_wake_me() without other's lock held and check if its receive queue is full. Here we need to use unix_recvq_full_lockless() instead of unix_recvq_full(), otherwise KCSAN will report a data-race.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10kernelNot affected
Red Hat Enterprise Linux 6kernelOut of support scope
Red Hat Enterprise Linux 7kernelOut of support scope
Red Hat Enterprise Linux 7kernel-rtOut of support scope
Red Hat Enterprise Linux 8kernelOut of support scope
Red Hat Enterprise Linux 8kernel-rtOut of support scope
Red Hat Enterprise Linux 9kernel-rtAffected
Red Hat Enterprise Linux 9kernelFixedRHSA-2023:658307.11.2023
Red Hat Enterprise Linux 9kernelFixedRHSA-2023:658307.11.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-362
https://bugzilla.redhat.com/show_bug.cgi?id=2347694kernel: af_unix: Fix a data-race in unix_dgram_peer_wake_me().

EPSS

Процентиль: 12%
0.0004
Низкий

4.7 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-49344

CVSS3: 4.7
ubuntu
12 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix a data-race in unix_dgram_peer_wake_me(). unix_dgram_poll() calls unix_dgram_peer_wake_me() without `other`'s lock held and check if its receive queue is full. Here we need to use unix_recvq_full_lockless() instead of unix_recvq_full(), otherwise KCSAN will report a data-race.

nvd логотип

CVE-2022-49344

CVSS3: 4.7
nvd
12 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix a data-race in unix_dgram_peer_wake_me(). unix_dgram_poll() calls unix_dgram_peer_wake_me() without `other`'s lock held and check if its receive queue is full. Here we need to use unix_recvq_full_lockless() instead of unix_recvq_full(), otherwise KCSAN will report a data-race.

debian логотип

CVE-2022-49344

CVSS3: 4.7
debian
12 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: a ...

github логотип

GHSA-j4wc-x6gv-2p4c

CVSS3: 4.7
github
11 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix a data-race in unix_dgram_peer_wake_me(). unix_dgram_poll() calls unix_dgram_peer_wake_me() without `other`'s lock held and check if its receive queue is full. Here we need to use unix_recvq_full_lockless() instead of unix_recvq_full(), otherwise KCSAN will report a data-race.

suse-cvrf логотип

SUSE-SU-2025:1293-1

suse-cvrf
10 месяцев назад

Security update for the Linux Kernel

EPSS

Процентиль: 12%
0.0004
Низкий

4.7 Medium

CVSS3