SB20250226690 - Race condition within a thread in Linux kernel ipv4
Published: February 26, 2025 Updated: May 11, 2025
Security Bulletin ID
SB20250226690
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Race condition within a thread (CVE-ID: CVE-2022-49593)
The vulnerability allows a local user to corrupt data.
The vulnerability exists due to a data race within the tcp_mtu_check_reprobe() function in net/ipv4/tcp_output.c. A local user can corrupt data.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/2a85388f1d94a9f8b5a529118a2c5eaa0520d85c
- https://git.kernel.org/stable/c/73a11588751a2c13f25d9da8117efc9a79b1843f
- https://git.kernel.org/stable/c/80dabd089086e6553b7acfcff2ec223bdada87a1
- https://git.kernel.org/stable/c/b14cc8afbbcbc6dce4797913c0b85266b897f541
- https://git.kernel.org/stable/c/b3798d3519eda9c409bb0815b0102f27ec42468d
- https://git.kernel.org/stable/c/c61aede097d350d890fa1edc9521b0072e14a0b8
- https://git.kernel.org/stable/c/e6b6f027e2854a51f345a5e3e808d7a88001d4f8
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.58