CVE-2022-49576

Опубликовано: 26 фев. 2025

Источник: redhat

CVSS3: 4.7

EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix data-races around sysctl_fib_multipath_hash_fields. While reading sysctl_fib_multipath_hash_fields, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers.

Отчет

The bug is only about possibility of value corruption during reading sysctl_fib_multipath_hash_fields (and only if Mellanox Technologies Switch ASICs family hardware being used). No known vector of attack. The security impact is limited.

Меры по смягчению последствий

To mitigate this issue, prevent module mlxsw_core from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 10	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Out of support scope
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise Linux 8	kernel	Out of support scope
Red Hat Enterprise Linux 8	kernel-rt	Out of support scope
Red Hat Enterprise Linux 9	kernel	Not affected
Red Hat Enterprise Linux 9	kernel-rt	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-567

https://bugzilla.redhat.com/show_bug.cgi?id=2347944kernel: ipv4: Fix data-races around sysctl_fib_multipath_hash_fields.

EPSS

Процентиль: 5%

0.00023

Низкий

4.7 Medium

CVSS3

Связанные уязвимости

CVE-2022-49576

CVSS3: 4.7

ubuntu

12 месяцев назад

CVE-2022-49576

CVSS3: 4.7

nvd

12 месяцев назад

CVE-2022-49576

CVSS3: 4.7

debian

12 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: i ...

GHSA-gpm7-vrgw-5m8r

CVSS3: 4.7

github

11 месяцев назад

EPSS

Процентиль: 5%

0.00023

Низкий

4.7 Medium

CVSS3