Race condition within a thread in Linux kernel ipv4
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2022-49590 |
| CWE-ID | CWE-366 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Race condition within a thread
EUVDB-ID: #VU104854
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49590
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to corrupt data.
The vulnerability exists due to a data race within the add_grec(), igmpv3_send_report(), igmp_send_report(), igmp_heard_report(), igmp_heard_query(), __igmp_group_dropped(), igmp_group_added() and ip_mc_rejoin_groups() functions in net/ipv4/igmp.c. A local user can corrupt data.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 4.9 - 5.19 rc6
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:4.9:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.7:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.8:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/1656ecaddf90e2a070ec2d2404cdae3edf80faca
https://git.kernel.org/stable/c/260446eb8e5541402b271343a4516f2b33dec1e4
https://git.kernel.org/stable/c/46307adceb67bdf2ec38408dd9cebc378a6b5c46
https://git.kernel.org/stable/c/473aad9ad57ff760005377e6f45a2ad4210e08ce
https://git.kernel.org/stable/c/a84b4afaca2573ed3aed1f8854aefe3ca5a82e72
https://git.kernel.org/stable/c/d77969e7d4ccc26bf1f414a39ef35050a83ba6d5
https://git.kernel.org/stable/c/ed876e99ccf417b8bd7fd8408ba5e8b008e46cc8
https://git.kernel.org/stable/c/f6da2267e71106474fbc0943dc24928b9cb79119
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.290
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.254
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.325
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.134
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.58
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.15
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.208
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
