SB20250226676 - Race condition within a thread in Linux kernel ipv4
Published: February 26, 2025 Updated: May 11, 2025
Security Bulletin ID
SB20250226676
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Race condition within a thread (CVE-ID: CVE-2022-49573)
The vulnerability allows a local user to corrupt data.
The vulnerability exists due to a data race within the tcp_schedule_loss_probe() function in net/ipv4/tcp_output.c. A local user can corrupt data.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/11e8b013d16e5db63f8f76acceb5b86964098aaa
- https://git.kernel.org/stable/c/488d3ad98ef7cddce7054193dbae6b4349c6807d
- https://git.kernel.org/stable/c/5037ca9e4b169cc9aed0174d658c3d81fdaf8ea5
- https://git.kernel.org/stable/c/52e65865deb6a36718a463030500f16530eaab74
- https://git.kernel.org/stable/c/83767fe800a311370330d4ec83aa76093b744a80
- https://git.kernel.org/stable/c/d5975f6376ce90c2c483ae36bf88c9cface4c13b
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.15