4.7

CVE-2022-49587

tcp: Fix a data-race around sysctl_tcp_notsent_lowat.

In the Linux kernel, the following vulnerability has been resolved:

tcp: Fix a data-race around sysctl_tcp_notsent_lowat.

While reading sysctl_tcp_notsent_lowat, it can be changed concurrently.
Thus, we need to add READ_ONCE() to its reader.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.12 < 4.9.325
LinuxLinux Kernel Version >= 4.10 < 4.14.290
LinuxLinux Kernel Version >= 4.15 < 4.19.254
LinuxLinux Kernel Version >= 4.20 < 5.4.208
LinuxLinux Kernel Version >= 5.5 < 5.10.134
LinuxLinux Kernel Version >= 5.11 < 5.15.58
LinuxLinux Kernel Version >= 5.16 < 5.18.15
LinuxLinux Kernel Version5.19 Updaterc1
LinuxLinux Kernel Version5.19 Updaterc2
LinuxLinux Kernel Version5.19 Updaterc3
LinuxLinux Kernel Version5.19 Updaterc4
LinuxLinux Kernel Version5.19 Updaterc5
LinuxLinux Kernel Version5.19 Updaterc6
LinuxLinux Kernel Version5.19 Updaterc7
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.18% 0.079
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.7 1 3.6
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 4.7 1 3.6
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

https://git.kernel.org/stable/c/0f75343584ee474303e17efe0610bdd170af1d13
Patch
https://git.kernel.org/stable/c/55be873695ed8912eb77ff46d1d1cadf028bd0f3
Patch
https://git.kernel.org/stable/c/62e56cfeb2ae4b53ae9ca24c80f54093250ce64a
Patch
https://git.kernel.org/stable/c/80d4d0c461674eea87f0977e12a2ecd334b9b79c
Patch
https://git.kernel.org/stable/c/91e21df688f8a75255ca9c459da39ac96300113a
Patch
https://git.kernel.org/stable/c/c1b85c5a34294f7444c13bf828e0e84b0a0eed85
Patch
https://git.kernel.org/stable/c/e9362a993886613ef0284c2a4911c6017c97d803
Patch
https://git.kernel.org/stable/c/fd6f1284e380c377932186042ff0b5c987fb2b92
Patch