CVE-2022-49577

Опубликовано: 26 фев. 2025

Источник: redhat

CVSS3: 4.7

EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved: udp: Fix a data-race around sysctl_udp_l3mdev_accept. While reading sysctl_udp_l3mdev_accept, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader.

Отчет

The bug is that during reading of the variable net->ipv4.sysctl_udp_l3mdev_accept potentially could read incorrect value if race happens (if simultaneously value of this variable being changed). Since corruption could happen only during reading and value of variable itself not corrupted and very complex or impossible to trigger the bug, the security impact is limited. Only root user or other privileged user can change value of this variable.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 10	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Out of support scope
Red Hat Enterprise Linux 7	kernel	Out of support scope
Red Hat Enterprise Linux 7	kernel-rt	Out of support scope
Red Hat Enterprise Linux 8	kernel-rt	Out of support scope
Red Hat Enterprise Linux 9	kernel-rt	Affected
Red Hat Enterprise Linux 8	kernel	Fixed	RHSA-2023:2951	16.05.2023
Red Hat Enterprise Linux 9	kernel	Fixed	RHSA-2023:2458	09.05.2023
Red Hat Enterprise Linux 9	kernel	Fixed	RHSA-2023:2458	09.05.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-362

https://bugzilla.redhat.com/show_bug.cgi?id=2348255kernel: udp: Fix a data-race around sysctl_udp_l3mdev_accept.

EPSS

Процентиль: 7%

0.00027

Низкий

4.7 Medium

CVSS3

Связанные уязвимости

CVE-2022-49577

CVSS3: 4.7

ubuntu

12 месяцев назад

CVE-2022-49577

CVSS3: 4.7

nvd

12 месяцев назад

CVE-2022-49577

CVSS3: 4.7

debian

12 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: u ...

GHSA-8vfx-6h25-h9h3

CVSS3: 4.7

github

11 месяцев назад

EPSS

Процентиль: 7%

0.00027

Низкий

4.7 Medium

CVSS3