| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022611-CVE-2022-49598-d784@gregkh> Date: Wed, 26 Feb 2025 03:22:41 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-49598: tcp: Fix data-races around sysctl_tcp_mtu_probing. Description =========== In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_mtu_probing. While reading sysctl_tcp_mtu_probing, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers. The Linux kernel CVE team has assigned CVE-2022-49598 to this issue. Affected and fixed versions =========================== Issue introduced in 2.6.17 with commit 5d424d5a674f782d0659a3b66d951f412901faee and fixed in 4.19.254 with commit 7e8fc428a7f680f1c4994a40e52d7f95a9a93038 Issue introduced in 2.6.17 with commit 5d424d5a674f782d0659a3b66d951f412901faee and fixed in 5.4.208 with commit f966773e13cdd3f12baa90071b7b660f6c633ccb Issue introduced in 2.6.17 with commit 5d424d5a674f782d0659a3b66d951f412901faee and fixed in 5.10.134 with commit 77a04845f0d28a3561494a5f3121488470a968a4 Issue introduced in 2.6.17 with commit 5d424d5a674f782d0659a3b66d951f412901faee and fixed in 5.15.58 with commit aabe9438fdfe004e021d5a206227ec105dbe2416 Issue introduced in 2.6.17 with commit 5d424d5a674f782d0659a3b66d951f412901faee and fixed in 5.18.15 with commit b0920ca09d9ce19980c8391b9002455baa9c1417 Issue introduced in 2.6.17 with commit 5d424d5a674f782d0659a3b66d951f412901faee and fixed in 5.19 with commit f47d00e077e7d61baf69e46dde3210c886360207 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49598 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: net/ipv4/tcp_output.c net/ipv4/tcp_timer.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/7e8fc428a7f680f1c4994a40e52d7f95a9a93038 https://git.kernel.org/stable/c/f966773e13cdd3f12baa90071b7b660f6c633ccb https://git.kernel.org/stable/c/77a04845f0d28a3561494a5f3121488470a968a4 https://git.kernel.org/stable/c/aabe9438fdfe004e021d5a206227ec105dbe2416 https://git.kernel.org/stable/c/b0920ca09d9ce19980c8391b9002455baa9c1417 https://git.kernel.org/stable/c/f47d00e077e7d61baf69e46dde3210c886360207
Powered by blists - more mailing lists