CVE-2022-49589
MEDIUMLinux Kernel Data Race in IGMP Query Robustness Variable Handling
Title source: llmDescription
In the Linux kernel, the following vulnerability has been resolved: igmp: Fix data-races around sysctl_igmp_qrv. While reading sysctl_igmp_qrv, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers. This test can be packed into a helper, so such changes will be in the follow-up series after net is merged into net-next. qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv);
References (6)
Core 6
Core References
Mailing List, Patch
https://git.kernel.org/stable/c/9eeb3a7702998bdccbfcc37997b5dd9215b9a7f7
Mailing List, Patch
https://git.kernel.org/stable/c/e20dd1b0e0ea15bee1e528536a0840dba972ca0e
Mailing List, Patch
https://git.kernel.org/stable/c/b399ffafffba39f47b731b26a5da1dc0ffc4b3ad
Mailing List, Patch
https://git.kernel.org/stable/c/c721324afc589f8ea54bae04756b150aeaae5fa4
Mailing List, Patch
https://git.kernel.org/stable/c/c2954671010cd1127d1ffa328c6e6f8e99930982
Mailing List, Patch
https://git.kernel.org/stable/c/8ebcc62c738f68688ee7c6fec2efe5bc6d3d7e60
Scores
CVSS v3
4.7
EPSS
0.0018
EPSS Percentile
7.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-362
Status
published
Products (21)
linux/Kernel
3.18.0 - 4.19.255linux
linux/Kernel
4.20.0 - 5.4.209linux
linux/Kernel
5.11.0 - 5.15.59linux
linux/Kernel
5.16.0 - 5.18.15linux
linux/Kernel
5.5.0 - 5.10.135linux
Linux/Linux
< 3.18
Linux/Linux
3.18
Linux/Linux
4.19.255 - 4.19.*
Linux/Linux
5.10.135 - 5.10.*
Linux/Linux
5.15.59 - 5.15.*
... and 11 more
Published
Feb 26, 2025
Tracked Since
Feb 18, 2026