CVE-2022-49596

MEDIUM

Linux Kernel 3.16.69-3.17 - Data Race in TCP sysctl_tcp_min_snd_mss Handling

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_min_snd_mss. While reading sysctl_tcp_min_snd_mss, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers.

References (5)

Core 5

Core References

Patch

https://git.kernel.org/stable/c/fdb96b69f5909ffcdd6f1e0902219fc6d7689ff7

Patch

https://git.kernel.org/stable/c/97992e8feff33b3ae154a113ec398546bbacda80

Patch

https://git.kernel.org/stable/c/0fc9357282df055e30990b29f4b7afa53ab42cdb

Patch

https://git.kernel.org/stable/c/0d8a39feb58910a7f7746b1770ee5578cc551fe6

Patch

https://git.kernel.org/stable/c/78eb166cdefcc3221c8c7c1e2d514e91a2eb5014

Scores

CVSS v3 4.7

EPSS 0.0018

EPSS Percentile 7.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-362

Status published

Products (26)

Linux/Linux < 5.2

Linux/Linux 2efabe3e1491f10bf3cf82ae1a371755ba054a1b

Linux/Linux 3.16.69 - 3.17

Linux/Linux 4.14.127 - 4.15

Linux/Linux 4.19.52 - 4.20

Linux/Linux 4.4.182 - 4.5

Linux/Linux 4.9.182 - 4.10

Linux/Linux 5.1.11 - 5.2

Linux/Linux 5.10.134 - 5.10.*

Linux/Linux 5.15.58 - 5.15.*

... and 16 more

Published Feb 26, 2025

Tracked Since Feb 18, 2026