#VU104827 Race condition within a thread in Linux kernel - CVE-2022-49629
Published: February 26, 2025 / Updated: May 11, 2025
Vulnerability identifier: #VU104827
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-49629
CWE-ID: CWE-366
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to corrupt data.
The vulnerability exists due to a data race within the rt6_fill_node() function in net/ipv6/route.c, within the __remove_nexthop_fib() function in net/ipv4/nexthop.c, within the fib_dump_info() function in net/ipv4/fib_semantics.c. A local user can corrupt data.
Remediation
Install update from vendor's website.
External links
- https://git.kernel.org/stable/c/0d17723afea3ae8c9f245c9bbd2ba5945b77e812
- https://git.kernel.org/stable/c/a51040d4b120f3520df64fb0b9c63b31d69bea9b
- https://git.kernel.org/stable/c/ae3054f6fbccc90f14ecd6cf9b2c09a2401c64fd
- https://git.kernel.org/stable/c/bdf00bf24bef9be1ca641a6390fd5487873e0d2e
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.132
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.56
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.13
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19