CVE-2022-49325

MEDIUM EPSS 15.8%
Published Feb 26, 20251y ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Feb 26, 2025 1y ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: tcp: add accessors to read/set tp->snd_cwnd We had various bugs over the years with code breaking the assumption that tp->snd_cwnd is greater than zero. Lately, syzbot reported the WARN_ON_ONCE(!tp->prior_cwnd) added in commit 8b8a321ff72c ("tcp: fix zero cwnd in tcp_cwnd_reduction") can trigger, and without a repro we would have to spend considerable time finding the bug. Instead of complaining too late, we want to catch where and when tp->snd_cwnd is set to an illegal value.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
15.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-617

Affected Products 3

VendorProductVersionRange
linuxlinux_kernel* <5.15.47
linuxlinux_kernel*≥5.16  –  <5.17.15
linuxlinux_kernel*≥5.18  –  <5.18.4

References 4

  • git.kernel.org https://git.kernel.org/stable/c/3308676ec525901bf1656014003c443a60730a04
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/40570375356c874b1578e05c1dcc3ff7c1322dbe
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/41e191fe72282e193a7744e2fc1786b23156c9e4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5aba0ad44fb4a7fb78c5076c313456de199a3c29
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/3308676ec525901bf1656014003c443a60730a04
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/40570375356c874b1578e05c1dcc3ff7c1322dbe
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/41e191fe72282e193a7744e2fc1786b23156c9e4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5aba0ad44fb4a7fb78c5076c313456de199a3c29
    Patch