CVE-2022-49577

medium

Description

In the Linux kernel, the following vulnerability has been resolved: udp: Fix a data-race around sysctl_udp_l3mdev_accept. While reading sysctl_udp_l3mdev_accept, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader.
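
The reader-side pattern the description refers to, shown as an added userspace illustration; it is not the kernel patch and not code from this page. The macro stand-ins, the netns_model struct, the match rule and the function names are assumptions made for the example, and the concurrent sysctl write is simulated inline so the result is deterministic.

```c
#include <stdbool.h>
#include <stdio.h>
/* Userspace stand-ins for the kernel macros (assumes GCC/Clang __typeof__). */
#define READ_ONCE(x)     (*(const volatile __typeof__(x) *)&(x))
#define WRITE_ONCE(x, v) (*(volatile __typeof__(x) *)&(x) = (v))

/* Hypothetical model of the per-namespace knob, not the kernel's struct. */
struct netns_model { int sysctl_udp_l3mdev_accept; };
struct decision { bool accepted; int knob_seen; };

/* Assumed rule: an unbound socket takes L3-master traffic only if the knob is set. */
static bool dev_match(int l3mdev_accept, int bound_dev_if, int dif, int sdif)
{
	if (!bound_dev_if)
		return !sdif || l3mdev_accept;
	return bound_dev_if == dif || bound_dev_if == sdif;
}

/* Before: plain loads. The compiler may repeat such a load; the second one
 * is written out here so the effect is deterministic. */
static struct decision lookup_plain(struct netns_model *net, int sdif)
{
	struct decision d = { dev_match(net->sysctl_udp_l3mdev_accept, 0, 1, sdif), 0 };
	WRITE_ONCE(net->sysctl_udp_l3mdev_accept, 1); /* constructed concurrent sysctl write */
	d.knob_seen = net->sysctl_udp_l3mdev_accept;
	return d;
}

/* After: one marked load into a local; every later use sees that snapshot. */
static struct decision lookup_once(struct netns_model *net, int sdif)
{
	int l3mdev_accept = READ_ONCE(net->sysctl_udp_l3mdev_accept);
	struct decision d = { dev_match(l3mdev_accept, 0, 1, sdif), l3mdev_accept };
	WRITE_ONCE(net->sysctl_udp_l3mdev_accept, 1); /* constructed concurrent sysctl write */
	return d;
}

/* A decision is coherent when its verdict follows from the value it reports. */
static bool coherent(struct decision d, int sdif)
{
	return d.accepted == dev_match(d.knob_seen, 0, 1, sdif);
}

int main(void)
{
	struct netns_model a = { 0 }, b = { 0 };
	printf("plain=%d once=%d\n", coherent(lookup_plain(&a, 5), 5), coherent(lookup_once(&b, 5), 5));
	return 0;
}
```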

References

https://git.kernel.org/stable/c/fcaef69c79ec222e55643e666b80b221e70fa6a8

https://git.kernel.org/stable/c/f39b03bd727a8fea62e82f10fe2e0d753b9930ff

https://git.kernel.org/stable/c/cb0d28934ca10f99c47e2c6f451405d6c954fe48

https://git.kernel.org/stable/c/3f2ac2d6511bb0652abf4d7388d65bb9ff1c641c

https://git.kernel.org/stable/c/3d72bb4188c708bb16758c60822fc4dda7a95174

Details

Source: Mitre, NVD

Published: 2025-02-26

Updated: 2025-03-10

Risk Information

CVSS v2

Base Score: 3.8

Vector: CVSS2#AV:L/AC:H/Au:S/C:N/I:N/A:C

Severity: Low

CVSS v3

Base Score: 4.7

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00048