Race condition within a thread in Linux kernel - CVE-2022-49574
Published: February 26, 2025 / Updated: May 11, 2025
Vulnerability identifier: #VU104842
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-49574
CWE-ID: CWE-366
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to corrupt data.
The vulnerability exists due to a data race within the tcp_rack_reo_wnd() and tcp_rack_update_reo_wnd() functions in net/ipv4/tcp_recovery.c, within the tcp_init_undo() function in net/ipv4/tcp_input.c. A local user can corrupt data.
How to mitigate CVE-2022-49574
Install update from vendor's website.
Sources
- https://git.kernel.org/stable/c/52ee7f5c4811ce6be1becd14d38ba1f8a8a0df81
- https://git.kernel.org/stable/c/92c35113c63306091df9211375eebd0abd8c2160
- https://git.kernel.org/stable/c/a31e2d0cb5cfa2aae3144cac04f25031d5d20fb4
- https://git.kernel.org/stable/c/c7a492db1f7c37c758a66915908677bd8bc5d368
- https://git.kernel.org/stable/c/d8781f7cd04091744f474a2bada74772084b9dc9
- https://git.kernel.org/stable/c/e7d2ef837e14a971a05f60ea08c47f3fed1a36e4
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.254
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.134
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.58
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.15
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.208