| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022612-CVE-2022-49602-0366@gregkh> Date: Wed, 26 Feb 2025 03:22:45 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-49602: ip: Fix a data-race around sysctl_fwmark_reflect. Description =========== In the Linux kernel, the following vulnerability has been resolved: ip: Fix a data-race around sysctl_fwmark_reflect. While reading sysctl_fwmark_reflect, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader. The Linux kernel CVE team has assigned CVE-2022-49602 to this issue. Affected and fixed versions =========================== Issue introduced in 3.16 with commit e110861f86094cd78cc85593b873970092deb43a and fixed in 4.9.325 with commit fc92e3b4bebfdd986ef1d2c5019f236837b0b982 Issue introduced in 3.16 with commit e110861f86094cd78cc85593b873970092deb43a and fixed in 4.14.290 with commit 5e7a1be3e68deef250ad43cc91f7bb8d7d758b48 Issue introduced in 3.16 with commit e110861f86094cd78cc85593b873970092deb43a and fixed in 4.19.254 with commit 9096edcf4854289f92252e086cf6e498c7f8c21d Issue introduced in 3.16 with commit e110861f86094cd78cc85593b873970092deb43a and fixed in 5.4.208 with commit 25a635a67c830766110410fea88ec4e6ee29684b Issue introduced in 3.16 with commit e110861f86094cd78cc85593b873970092deb43a and fixed in 5.10.134 with commit 0ee76fe01ff3c0b4efaa500aecc90d7c8d3a8860 Issue introduced in 3.16 with commit e110861f86094cd78cc85593b873970092deb43a and fixed in 5.15.58 with commit dccf8a67f30e18980d13f07006e5a536bbd1e136 Issue introduced in 3.16 with commit e110861f86094cd78cc85593b873970092deb43a and fixed in 5.18.15 with commit a475ecc9ad919aa3ebdd4e4a6ee612b793bf74b3 Issue introduced in 3.16 with commit e110861f86094cd78cc85593b873970092deb43a and fixed in 5.19 with commit 85d0b4dbd74b95cc492b1f4e34497d3f894f5d9a Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49602 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: include/net/ip.h Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/fc92e3b4bebfdd986ef1d2c5019f236837b0b982 https://git.kernel.org/stable/c/5e7a1be3e68deef250ad43cc91f7bb8d7d758b48 https://git.kernel.org/stable/c/9096edcf4854289f92252e086cf6e498c7f8c21d https://git.kernel.org/stable/c/25a635a67c830766110410fea88ec4e6ee29684b https://git.kernel.org/stable/c/0ee76fe01ff3c0b4efaa500aecc90d7c8d3a8860 https://git.kernel.org/stable/c/dccf8a67f30e18980d13f07006e5a536bbd1e136 https://git.kernel.org/stable/c/a475ecc9ad919aa3ebdd4e4a6ee612b793bf74b3 https://git.kernel.org/stable/c/85d0b4dbd74b95cc492b1f4e34497d3f894f5d9a
Powered by blists - more mailing lists