CVE-2022-49571

Опубликовано: 26 фев. 2025

Источник: redhat

CVSS3: 4.7

EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_max_reordering. While reading sysctl_tcp_max_reordering, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers.

Отчет

The bug is that during reading of the variable ipv4.sysctl_tcp_max_reordering potentially could read incorrect value if race happens (if simultaneously value of this variable being changed). Since corruption could happen only during reading and value of variable itself not corrupted and very complex or impossible to trigger the bug, the security impact is limited. Only root user or other privileged user can change value of this variable.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 10	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Out of support scope
Red Hat Enterprise Linux 7	kernel	Out of support scope
Red Hat Enterprise Linux 7	kernel-rt	Out of support scope
Red Hat Enterprise Linux 8	kernel	Out of support scope
Red Hat Enterprise Linux 8	kernel-rt	Out of support scope
Red Hat Enterprise Linux 9	kernel	Affected
Red Hat Enterprise Linux 9	kernel-rt	Affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-362

https://bugzilla.redhat.com/show_bug.cgi?id=2347648kernel: tcp: Fix data-races around sysctl_tcp_max_reordering.

EPSS

Процентиль: 7%

0.00027

Низкий

4.7 Medium

CVSS3

Связанные уязвимости

CVE-2022-49571

CVSS3: 4.7

ubuntu

12 месяцев назад

CVE-2022-49571

CVSS3: 4.7

nvd

12 месяцев назад

CVE-2022-49571

CVSS3: 4.7

debian

12 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: t ...

GHSA-jw75-r63h-46q8

CVSS3: 4.7

github

11 месяцев назад

EPSS

Процентиль: 7%

0.00027

Низкий

4.7 Medium

CVSS3