Race condition within a thread in Linux kernel - CVE-2022-49571
Published: February 26, 2025 / Updated: May 11, 2025
Vulnerability identifier: #VU104839
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-49571
CWE-ID: CWE-366
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to corrupt data.
The vulnerability exists due to a data race within the tcp_check_sack_reordering() and tcp_check_reno_reordering() functions in net/ipv4/tcp_input.c. A local user can corrupt data.
How to mitigate CVE-2022-49571
Install update from vendor's website.
Sources
- https://git.kernel.org/stable/c/064852663308c801861bd54789d81421fa4c2928
- https://git.kernel.org/stable/c/46deb91ac8a790286ad6d24cf92e7ab0ab2582bb
- https://git.kernel.org/stable/c/50a1d3d097503a90cf84ebe120afcde37e9c33b3
- https://git.kernel.org/stable/c/5e38cee24f19d19280c68f1ac8bf6790d607f60a
- https://git.kernel.org/stable/c/a11e5b3e7a59fde1a90b0eaeaa82320495cf8cae
- https://git.kernel.org/stable/c/ce3731c61589ed73364a5b55ce34131762ef9b60
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.58