#VU104853 Race condition within a thread in Linux kernel - CVE-2022-49589
Published: February 26, 2025 / Updated: May 11, 2025
Vulnerability identifier: #VU104853
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-49589
CWE-ID: CWE-366
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to corrupt data.
The vulnerability exists due to a data race within the igmp_ifc_event(), igmp_heard_query(), igmpv3_add_delrec(), igmpv3_del_delrec(), igmp_group_added(), ip_mc_reset(), ip_mc_del1_src(), ip_mc_del_src() and ip_mc_add_src() functions in net/ipv4/igmp.c, within the amt_build_igmp_gq() and amt_newlink() functions in drivers/net/amt.c. A local user can corrupt data.
Remediation
Install update from vendor's website.
External links
- https://git.kernel.org/stable/c/8ebcc62c738f68688ee7c6fec2efe5bc6d3d7e60
- https://git.kernel.org/stable/c/9eeb3a7702998bdccbfcc37997b5dd9215b9a7f7
- https://git.kernel.org/stable/c/b399ffafffba39f47b731b26a5da1dc0ffc4b3ad
- https://git.kernel.org/stable/c/c2954671010cd1127d1ffa328c6e6f8e99930982
- https://git.kernel.org/stable/c/c721324afc589f8ea54bae04756b150aeaae5fa4
- https://git.kernel.org/stable/c/e20dd1b0e0ea15bee1e528536a0840dba972ca0e
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.209