#VU104822 Race condition within a thread in Linux kernel - CVE-2022-49600
Published: February 26, 2025 / Updated: May 11, 2025
Vulnerability identifier: #VU104822
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-49600
CWE-ID: CWE-366
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Software vendor:
Linux Foundation
Description
The vulnerability allows a local user to corrupt data.
The vulnerability exists due to a data race in net/ipv4/inet_connection_sock.c. A local user can corrupt data.
Remediation
Install the update from the vendor's website.
External links
- https://git.kernel.org/stable/c/0db232765887d9807df8bcb7b6f29b2871539eab
- https://git.kernel.org/stable/c/611ba70e5aca252ef43374dda97ed4cf1c47a07c
- https://git.kernel.org/stable/c/87ceaa199a72c5856d49a030941fabcd5c3928d4
- https://git.kernel.org/stable/c/fa7cdcf9b28d13aac1eeb34b948db8a18e041341
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.15