#VU104850 Race condition within a thread in Linux kernel - CVE-2022-49586
Published: February 26, 2025 / Updated: May 11, 2025
Vulnerability identifier: #VU104850
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-49586
CWE-ID: CWE-366
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to corrupt data.
The vulnerability exists due to a data race within the tcp_fastopen_no_cookie() and tcp_try_fastopen() functions in net/ipv4/tcp_fastopen.c, within the tcp_sendmsg_fastopen() and do_tcp_setsockopt() functions in net/ipv4/tcp.c, within the inet_listen() function in net/ipv4/af_inet.c. A local user can corrupt data.
Remediation
Install update from vendor's website.
External links
- https://git.kernel.org/stable/c/03da610696a32578fc4f986479341ce9d430df08
- https://git.kernel.org/stable/c/22938534c611136f35e2ca545bb668073ca5ef49
- https://git.kernel.org/stable/c/25d53d858a6c0b89a6e69e376c2a57c4f4c2c8cc
- https://git.kernel.org/stable/c/448ab998947996a0a451f8229f19087964cf2670
- https://git.kernel.org/stable/c/539d9ab79eba3974b479cad61a8688c41fe62e12
- https://git.kernel.org/stable/c/5a54213318c43f4009ae158347aa6016e3b9b55a
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.254
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.134
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.58
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.15
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.208