CVE-2022-49641

MEDIUM

Linux Kernel 4.4.24-4.4.x - Data Race in proc_douintvec

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix data races in proc_douintvec(). A sysctl variable is accessed concurrently, and there is always a chance of data-race. So, all readers and writers need some basic protection to avoid load/store-tearing. This patch changes proc_douintvec() to use READ_ONCE() and WRITE_ONCE() internally to fix data-races on the sysctl side. For now, proc_douintvec() itself is tolerant to a data-race, but we still need to add annotations on the other subsystem's side.

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/d5d54714e329f646bd7af4994fc427d88ee68936

Patch

https://git.kernel.org/stable/c/d335db59f7fb3353f56e52371f1ee796ae9c8f09

Patch

https://git.kernel.org/stable/c/630c76850d554d7140232e71b5d1663e88cffb54

Patch

https://git.kernel.org/stable/c/4762b532ec9539755aab61445d5da6e1926ccb99

Scores

CVSS v3 4.7

EPSS 0.0016

EPSS Percentile 5.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-362

Status published

Products (16)

Linux/Linux < 4.8

Linux/Linux 4.4.24 - 4.5

Linux/Linux 4.7.7 - 4.8

Linux/Linux 4.8

Linux/Linux 5.10.132 - 5.10.*

Linux/Linux 5.15.56 - 5.15.*

Linux/Linux 5.18.13 - 5.18.*

Linux/Linux 5.19

Linux/Linux 70cd763eb1574cac07138be91f474a661e02d694

Linux/Linux e7d316a02f683864a12389f8808570e37fb90aa3 - 4762b532ec9539755aab61445d5da6e1926ccb99

... and 6 more

Published Feb 26, 2025

Tracked Since Feb 18, 2026