SB20250226688 - Race condition within a thread in Linux kernel net driver
Published: February 26, 2025 Updated: May 11, 2025
Security Bulletin ID
SB20250226688
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Race condition within a thread (CVE-ID: CVE-2022-49589)
The vulnerability allows a local user to corrupt data.
The vulnerability exists due to a data race within the igmp_ifc_event(), igmp_heard_query(), igmpv3_add_delrec(), igmpv3_del_delrec(), igmp_group_added(), ip_mc_reset(), ip_mc_del1_src(), ip_mc_del_src() and ip_mc_add_src() functions in net/ipv4/igmp.c, within the amt_build_igmp_gq() and amt_newlink() functions in drivers/net/amt.c. A local user can corrupt data.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/8ebcc62c738f68688ee7c6fec2efe5bc6d3d7e60
- https://git.kernel.org/stable/c/9eeb3a7702998bdccbfcc37997b5dd9215b9a7f7
- https://git.kernel.org/stable/c/b399ffafffba39f47b731b26a5da1dc0ffc4b3ad
- https://git.kernel.org/stable/c/c2954671010cd1127d1ffa328c6e6f8e99930982
- https://git.kernel.org/stable/c/c721324afc589f8ea54bae04756b150aeaae5fa4
- https://git.kernel.org/stable/c/e20dd1b0e0ea15bee1e528536a0840dba972ca0e
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.209