SB20250226674 - Race condition within a thread in Linux kernel ipv4
Published: February 26, 2025 Updated: May 11, 2025
Security Bulletin ID
SB20250226674
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Race condition within a thread (CVE-ID: CVE-2022-49571)
The vulnerability allows a local user to corrupt data.
The vulnerability exists due to a data race within the tcp_check_sack_reordering() and tcp_check_reno_reordering() functions in net/ipv4/tcp_input.c. A local user can corrupt data.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/064852663308c801861bd54789d81421fa4c2928
- https://git.kernel.org/stable/c/46deb91ac8a790286ad6d24cf92e7ab0ab2582bb
- https://git.kernel.org/stable/c/50a1d3d097503a90cf84ebe120afcde37e9c33b3
- https://git.kernel.org/stable/c/5e38cee24f19d19280c68f1ac8bf6790d607f60a
- https://git.kernel.org/stable/c/a11e5b3e7a59fde1a90b0eaeaa82320495cf8cae
- https://git.kernel.org/stable/c/ce3731c61589ed73364a5b55ce34131762ef9b60
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.58