SB20250226662 - Race condition within a thread in Linux kernel ipv4
Published: February 26, 2025 Updated: May 11, 2025
Security Bulletin ID
SB20250226662
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Race condition within a thread (CVE-ID: CVE-2022-49629)
The vulnerability allows a local user to corrupt data.
The vulnerability exists due to a data race within the rt6_fill_node() function in net/ipv6/route.c, within the __remove_nexthop_fib() function in net/ipv4/nexthop.c, within the fib_dump_info() function in net/ipv4/fib_semantics.c. A local user can corrupt data.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/0d17723afea3ae8c9f245c9bbd2ba5945b77e812
- https://git.kernel.org/stable/c/a51040d4b120f3520df64fb0b9c63b31d69bea9b
- https://git.kernel.org/stable/c/ae3054f6fbccc90f14ecd6cf9b2c09a2401c64fd
- https://git.kernel.org/stable/c/bdf00bf24bef9be1ca641a6390fd5487873e0d2e
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.132
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.56
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.13
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19