SB2025062076 - Improper locking in Linux kernel kcm
Published: June 20, 2025 Updated: June 21, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper locking (CVE-ID: CVE-2022-49957)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kcm_attach() function in net/kcm/kcmsock.c.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/0946ff31d1a8778787bf6708beb20f38715267cc
- https://git.kernel.org/stable/c/1b6666964ca1de93a7bf06e122bcf3616dbd33a9
- https://git.kernel.org/stable/c/473f394953216614087f4179e55cdf0cf616a13b
- https://git.kernel.org/stable/c/55fb8c3baa8071c5d533a9ad48624e44e2a04ef5
- https://git.kernel.org/stable/c/8fc29ff3910f3af08a7c40a75d436b5720efe2bf
- https://git.kernel.org/stable/c/a8a0c321319ad64a5427d6172cd9c23b4d6ca1e8
- https://git.kernel.org/stable/c/f865976baa85915c7672f351b74d5974b93215f6
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.8