4.7
CVE-2022-49920
- EPSS 0.12%
- Veröffentlicht 01.05.2025 14:10:59
- Zuletzt bearbeitet 01.10.2025 15:15:35
- CVE-Watchlists
- Unerledigt
netfilter: nf_tables: netlink notifier might race to release objects
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: netlink notifier might race to release objects commit release path is invoked via call_rcu and it runs lockless to release the objects after rcu grace period. The netlink notifier handler might win race to remove objects that the transaction context is still referencing from the commit release path. Call rcu_barrier() to ensure pending rcu callbacks run to completion if the list of transactions to be destroyed is not empty.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.12 < 5.15.78
Linux ≫ Linux Kernel Version >= 5.16 < 6.0.8
Linux ≫ Linux Kernel Version6.1 Updaterc1
Linux ≫ Linux Kernel Version6.1 Updaterc2
Linux ≫ Linux Kernel Version6.1 Updaterc3
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.018 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.7 | 1 | 3.6 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 4.7 | 1 | 3.6 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
https://git.kernel.org/stable/c/1ffe7100411a8b9015115ce124cd6c9c9da6f8e3
https://git.kernel.org/stable/c/e40b7c44d19e327ad8b49a491ef1fa8dcc4566e0
https://git.kernel.org/stable/c/d4bc8271db21ea9f1c86a1ca4d64999f184d4aae