CVE-2022-49575

medium

Description

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts. While reading sysctl_tcp_thin_linear_timeouts, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader.

References

https://git.kernel.org/stable/c/f4b0295be9a3c4260de4585fac4062e602a88ac7

https://git.kernel.org/stable/c/cc133e4f4bc225079198192623945bb872c08143

https://git.kernel.org/stable/c/a0f96c4f179cb3560078cefccef105e8f1701210

https://git.kernel.org/stable/c/7c6f2a86ca590d5187a073d987e9599985fb1c7c

https://git.kernel.org/stable/c/492f3713b282c0e67e951cd804edd22eccc25412

https://git.kernel.org/stable/c/404c53ccdebd11f96954f4070cffac8e0b4d5cb6

Details

Source: Mitre, NVD

Published: 2025-02-26

Updated: 2025-03-10

Risk Information

CVSS v2

Base Score: 3.8

Vector: CVSS2#AV:L/AC:H/Au:S/C:N/I:N/A:C

Severity: Low

CVSS v3

Base Score: 4.7

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00014