CVE-2022-49590

Severity: Medium · CVSS 3.1 base score 4.7 · EPSS 7.4%
Published Feb 26, 2025 · Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

igmp: Fix data-races around sysctl_igmp_llm_reports.

While reading sysctl_igmp_llm_reports, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers.

This test can be packed into a helper, so such changes will be in the follow-up series after net is merged into net-next.

    if (ipv4_is_local_multicast(pmc->multiaddr) &&
        !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports))

CVSS Details

Base Score: 4.7
Exploitability: 1.0
Impact: 3.6
Vector string: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability
7.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-362

Affected Products 14

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥4.3 – <4.9.325
linux   linux_kernel  *        ≥4.10 – <4.14.290
linux   linux_kernel  *        ≥4.15 – <4.19.254
linux   linux_kernel  *        ≥4.20 – <5.4.208
linux   linux_kernel  *        ≥5.5 – <5.10.134
linux   linux_kernel  *        ≥5.11 – <5.15.58
linux   linux_kernel  *        ≥5.16 – <5.18.15
linux   linux_kernel  5.19     any
linux   linux_kernel  5.19     any
linux   linux_kernel  5.19     any
linux   linux_kernel  5.19     any
linux   linux_kernel  5.19     any
linux   linux_kernel  5.19     any
linux   linux_kernel  5.19     any

References 8

  • git.kernel.org https://git.kernel.org/stable/c/1656ecaddf90e2a070ec2d2404cdae3edf80faca
    Mailing List, Patch
  • git.kernel.org https://git.kernel.org/stable/c/260446eb8e5541402b271343a4516f2b33dec1e4
    Mailing List, Patch
  • git.kernel.org https://git.kernel.org/stable/c/46307adceb67bdf2ec38408dd9cebc378a6b5c46
    Mailing List, Patch
  • git.kernel.org https://git.kernel.org/stable/c/473aad9ad57ff760005377e6f45a2ad4210e08ce
    Mailing List, Patch
  • git.kernel.org https://git.kernel.org/stable/c/a84b4afaca2573ed3aed1f8854aefe3ca5a82e72
    Mailing List, Patch
  • git.kernel.org https://git.kernel.org/stable/c/d77969e7d4ccc26bf1f414a39ef35050a83ba6d5
    Mailing List, Patch
  • git.kernel.org https://git.kernel.org/stable/c/ed876e99ccf417b8bd7fd8408ba5e8b008e46cc8
    Mailing List, Patch
  • git.kernel.org https://git.kernel.org/stable/c/f6da2267e71106474fbc0943dc24928b9cb79119
    Mailing List, Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/1656ecaddf90e2a070ec2d2404cdae3edf80faca
    Mailing List, Patch
  • git.kernel.org https://git.kernel.org/stable/c/260446eb8e5541402b271343a4516f2b33dec1e4
    Mailing List, Patch
  • git.kernel.org https://git.kernel.org/stable/c/46307adceb67bdf2ec38408dd9cebc378a6b5c46
    Mailing List, Patch
  • git.kernel.org https://git.kernel.org/stable/c/473aad9ad57ff760005377e6f45a2ad4210e08ce
    Mailing List, Patch
  • git.kernel.org https://git.kernel.org/stable/c/a84b4afaca2573ed3aed1f8854aefe3ca5a82e72
    Mailing List, Patch
  • git.kernel.org https://git.kernel.org/stable/c/d77969e7d4ccc26bf1f414a39ef35050a83ba6d5
    Mailing List, Patch
  • git.kernel.org https://git.kernel.org/stable/c/ed876e99ccf417b8bd7fd8408ba5e8b008e46cc8
    Mailing List, Patch
  • git.kernel.org https://git.kernel.org/stable/c/f6da2267e71106474fbc0943dc24928b9cb79119
    Mailing List, Patch