SB20250226663 - Race condition within a thread in Linux kernel ipv4
Published: February 26, 2025 Updated: May 11, 2025
Security Bulletin ID
SB20250226663
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Race condition within a thread (CVE-ID: CVE-2022-49596)
The vulnerability allows a local user to corrupt data.
The vulnerability exists due to a data race within the tcp_mtu_probing() function in net/ipv4/tcp_timer.c, within the __tcp_mtu_to_mss() function in net/ipv4/tcp_output.c. A local user can corrupt data.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/0d8a39feb58910a7f7746b1770ee5578cc551fe6
- https://git.kernel.org/stable/c/0fc9357282df055e30990b29f4b7afa53ab42cdb
- https://git.kernel.org/stable/c/78eb166cdefcc3221c8c7c1e2d514e91a2eb5014
- https://git.kernel.org/stable/c/97992e8feff33b3ae154a113ec398546bbacda80
- https://git.kernel.org/stable/c/fdb96b69f5909ffcdd6f1e0902219fc6d7689ff7
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.208