Race condition within a thread in Linux kernel ipv4
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2022-49593 |
| CWE-ID | CWE-366 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Race condition within a thread
EUVDB-ID: #VU104855
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49593
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to corrupt data.
The vulnerability exists due to a data race within the tcp_mtu_check_reprobe() function in net/ipv4/tcp_output.c. A local user can corrupt data.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 5.15 - 5.15.57
CPE2.3 External linkshttps://git.kernel.org/stable/c/2a85388f1d94a9f8b5a529118a2c5eaa0520d85c
https://git.kernel.org/stable/c/73a11588751a2c13f25d9da8117efc9a79b1843f
https://git.kernel.org/stable/c/80dabd089086e6553b7acfcff2ec223bdada87a1
https://git.kernel.org/stable/c/b14cc8afbbcbc6dce4797913c0b85266b897f541
https://git.kernel.org/stable/c/b3798d3519eda9c409bb0815b0102f27ec42468d
https://git.kernel.org/stable/c/c61aede097d350d890fa1edc9521b0072e14a0b8
https://git.kernel.org/stable/c/e6b6f027e2854a51f345a5e3e808d7a88001d4f8
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.58
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
