CVE-2022-49589 : In the Linux kernel, the following vulnerability has been resolved: igmp: Fix d

In the Linux kernel, the following vulnerability has been resolved: igmp: Fix data-races around sysctl_igmp_qrv. While reading sysctl_igmp_qrv, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers. This test can be packed into a helper, so such changes will be in the follow-up series after net is merged into net-next. qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv);

Published 2025-02-26 02:23:23

Updated 2025-03-10 20:47:28

Source Linux

View at NVD, CVE.org

Products affected by CVE-2022-49589

Linux » Linux Kernel
Versions from including (>=) 5.11 and before (<) 5.15.59
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.20 and before (<) 5.4.209
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 3.18 and before (<) 4.19.255
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.5 and before (<) 5.10.135
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.16 and before (<) 5.18.15
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.19 Update RC1
cpe:2.3:o:linux:linux_kernel:5.19:rc1:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.19 Update RC2
cpe:2.3:o:linux:linux_kernel:5.19:rc2:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.19 Update RC3
cpe:2.3:o:linux:linux_kernel:5.19:rc3:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.19 Update RC4
cpe:2.3:o:linux:linux_kernel:5.19:rc4:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.19 Update RC5
cpe:2.3:o:linux:linux_kernel:5.19:rc5:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.19 Update RC6
cpe:2.3:o:linux:linux_kernel:5.19:rc6:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.19 Update RC7
cpe:2.3:o:linux:linux_kernel:5.19:rc7:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2022-49589

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 11 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-49589

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.7	MEDIUM	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H	1.0	3.6	NIST	2025-03-10
Attack Vector: Local Attack Complexity: High Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2022-49589

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2022-49589

https://git.kernel.org/stable/c/9eeb3a7702998bdccbfcc37997b5dd9215b9a7f7

Mailing List;Patch
https://git.kernel.org/stable/c/8ebcc62c738f68688ee7c6fec2efe5bc6d3d7e60

igmp: Fix data-races around sysctl_igmp_qrv. - kernel/git/stable/linux.git - Linux kernel stable tree
Mailing List;Patch
https://git.kernel.org/stable/c/c721324afc589f8ea54bae04756b150aeaae5fa4

Mailing List;Patch
https://git.kernel.org/stable/c/b399ffafffba39f47b731b26a5da1dc0ffc4b3ad

Mailing List;Patch
https://git.kernel.org/stable/c/e20dd1b0e0ea15bee1e528536a0840dba972ca0e

Mailing List;Patch
https://git.kernel.org/stable/c/c2954671010cd1127d1ffa328c6e6f8e99930982

igmp: Fix data-races around sysctl_igmp_qrv. - kernel/git/stable/linux.git - Linux kernel stable tree
Mailing List;Patch

Jump to

Vulnerability Details : CVE-2022-49589

Products affected by CVE-2022-49589

Exploit prediction scoring system (EPSS) score for CVE-2022-49589

CVSS scores for CVE-2022-49589

CWE ids for CVE-2022-49589

References for CVE-2022-49589