CVE-2022-49600

MEDIUM

Linux Kernel 5.7-5.10.134 5.11-5.15.58 5.16-5.18.15 - Data Race in sysctl_ip_autobind_reuse

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: ip: Fix a data-race around sysctl_ip_autobind_reuse. While reading sysctl_ip_autobind_reuse, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader.

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/611ba70e5aca252ef43374dda97ed4cf1c47a07c

Patch

https://git.kernel.org/stable/c/87ceaa199a72c5856d49a030941fabcd5c3928d4

Patch

https://git.kernel.org/stable/c/fa7cdcf9b28d13aac1eeb34b948db8a18e041341

Patch

https://git.kernel.org/stable/c/0db232765887d9807df8bcb7b6f29b2871539eab

Scores

CVSS v3 4.7

EPSS 0.0018

EPSS Percentile 7.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-362

Status published

Products (15)

linux/Kernel 5.11.0 - 5.15.58linux

linux/Kernel 5.16.0 - 5.18.15linux

linux/Kernel 5.7.0 - 5.10.134linux

Linux/Linux < 5.7

Linux/Linux 4b01a9674231a97553a55456d883f584e948a78d - 0db232765887d9807df8bcb7b6f29b2871539eab

Linux/Linux 4b01a9674231a97553a55456d883f584e948a78d - 611ba70e5aca252ef43374dda97ed4cf1c47a07c

Linux/Linux 4b01a9674231a97553a55456d883f584e948a78d - 87ceaa199a72c5856d49a030941fabcd5c3928d4

Linux/Linux 4b01a9674231a97553a55456d883f584e948a78d - fa7cdcf9b28d13aac1eeb34b948db8a18e041341

Linux/Linux 5.10.134 - 5.10.*

Linux/Linux 5.15.58 - 5.15.*

... and 5 more

Published Feb 26, 2025

Tracked Since Feb 18, 2026