Race condition within a thread in Linux kernel ipv4



Updated: 2025-05-11
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2022-49638
CWE-ID: CWE-366
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Race condition within a thread

EUVDB-ID: #VU104834

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49638

CWE-ID: CWE-366 - Race Condition within a Thread

Exploit availability: No

Description

The vulnerability allows a local user to corrupt data.

The vulnerability exists due to a data race within the icmp_global_allow() function in net/ipv4/icmp.c. A local user can corrupt data.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: 4.19 - 4.19.252

External links

https://git.kernel.org/stable/c/0cba7ca667ceb06934746ddd9833a25847bde81d
https://git.kernel.org/stable/c/1740e5922fbb705637ae9fa5203db132fc45f9f6
https://git.kernel.org/stable/c/48d7ee321ea5182c6a70782aa186422a70e67e22
https://git.kernel.org/stable/c/53ecd09ef2fb35fa69667ae8e414ef6b00fd3bf6
https://git.kernel.org/stable/c/798c2cf57c63ab39c8aac24d6a3d50f4fa5eeb06
https://git.kernel.org/stable/c/e088ceb73c24ab4774da391d54a6426f4bfaefce
https://git.kernel.org/stable/c/e2828e8c605853f71267825c9415437c0a93e4f2
https://git.kernel.org/stable/c/edeec63b13c252193d626c2a48d7a2f0e7016dc2
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.253


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


