| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022618-CVE-2022-49639-a1b4@gregkh> Date: Wed, 26 Feb 2025 03:23:22 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-49639: cipso: Fix data-races around sysctl. Description =========== In the Linux kernel, the following vulnerability has been resolved: cipso: Fix data-races around sysctl. While reading cipso sysctl variables, they can be changed concurrently. So, we need to add READ_ONCE() to avoid data-races. The Linux kernel CVE team has assigned CVE-2022-49639 to this issue. Affected and fixed versions =========================== Issue introduced in 2.6.19 with commit 446fda4f26822b2d42ab3396aafcedf38a9ff2b6 and fixed in 4.9.324 with commit 2764f82bbc158d106693ae3ced3675cf4b963b35 Issue introduced in 2.6.19 with commit 446fda4f26822b2d42ab3396aafcedf38a9ff2b6 and fixed in 4.14.289 with commit c321e99d2725d11f7e6a4ebd9ce752259f0bae81 Issue introduced in 2.6.19 with commit 446fda4f26822b2d42ab3396aafcedf38a9ff2b6 and fixed in 4.19.253 with commit ca26ca5e2f3eeb3e6fe699cd6effa3b4b2aa8698 Issue introduced in 2.6.19 with commit 446fda4f26822b2d42ab3396aafcedf38a9ff2b6 and fixed in 5.4.207 with commit 0e41a0f73ccb9be112a80bde3804a771633caaef Issue introduced in 2.6.19 with commit 446fda4f26822b2d42ab3396aafcedf38a9ff2b6 and fixed in 5.10.132 with commit fe2a35fa2c4f9c8ce5ef970eb927031387f9446a Issue introduced in 2.6.19 with commit 446fda4f26822b2d42ab3396aafcedf38a9ff2b6 and fixed in 5.15.56 with commit 07b0caf8aeb9b82e6ecc6c292a3e47c7fcdb1148 Issue introduced in 2.6.19 with commit 446fda4f26822b2d42ab3396aafcedf38a9ff2b6 and fixed in 5.18.13 with commit 59e26906b89cc35bb54476498772b45cbc32323f Issue introduced in 2.6.19 with commit 446fda4f26822b2d42ab3396aafcedf38a9ff2b6 and fixed in 5.19 with commit dd44f04b9214adb68ef5684ae87a81ba03632250 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49639 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: Documentation/networking/ip-sysctl.rst net/ipv4/cipso_ipv4.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/2764f82bbc158d106693ae3ced3675cf4b963b35 https://git.kernel.org/stable/c/c321e99d2725d11f7e6a4ebd9ce752259f0bae81 https://git.kernel.org/stable/c/ca26ca5e2f3eeb3e6fe699cd6effa3b4b2aa8698 https://git.kernel.org/stable/c/0e41a0f73ccb9be112a80bde3804a771633caaef https://git.kernel.org/stable/c/fe2a35fa2c4f9c8ce5ef970eb927031387f9446a https://git.kernel.org/stable/c/07b0caf8aeb9b82e6ecc6c292a3e47c7fcdb1148 https://git.kernel.org/stable/c/59e26906b89cc35bb54476498772b45cbc32323f https://git.kernel.org/stable/c/dd44f04b9214adb68ef5684ae87a81ba03632250
Powered by blists - more mailing lists