CVE-2022-49633

Опубликовано: 26 фев. 2025

Источник: redhat

CVSS3: 4.7

EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved: icmp: Fix data-races around sysctl_icmp_echo_enable_probe. While reading sysctl_icmp_echo_enable_probe, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers.

Отчет

Only corruption of int value during read could happen (and no known scenarios of attack, so unlikely that attacker can trigger it remotely or local user without privileges can trigger it). The problem could happen when using particular kind of ICMP packets for IPV6 (so not actual until IPV6 enabled and ICMP being used). The security impact is limited.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 10	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Out of support scope
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise Linux 8	kernel	Not affected
Red Hat Enterprise Linux 8	kernel-rt	Not affected
Red Hat Enterprise Linux 9	kernel	Affected
Red Hat Enterprise Linux 9	kernel-rt	Affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

https://bugzilla.redhat.com/show_bug.cgi?id=2348163kernel: icmp: Fix data-races around sysctl_icmp_echo_enable_probe.

EPSS

Процентиль: 6%

0.00025

Низкий

4.7 Medium

CVSS3

Связанные уязвимости

CVE-2022-49633

CVSS3: 4.7

ubuntu

12 месяцев назад

CVE-2022-49633

CVSS3: 4.7

nvd

12 месяцев назад

CVE-2022-49633

CVSS3: 4.7

debian

12 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: i ...

GHSA-v6v7-p6g2-52pc

CVSS3: 4.7

github

11 месяцев назад

EPSS

Процентиль: 6%

0.00025

Низкий

4.7 Medium

CVSS3