CVE-2022-49325

tcp: add accessors to read/set tp->snd_cwnd

Description

In the Linux kernel, the following vulnerability has been resolved: tcp: add accessors to read/set tp->snd_cwnd We had various bugs over the years with code breaking the assumption that tp->snd_cwnd is greater than zero. Lately, syzbot reported the WARN_ON_ONCE(!tp->prior_cwnd) added in commit 8b8a321ff72c ("tcp: fix zero cwnd in tcp_cwnd_reduction") can trigger, and without a repro we would have to spend considerable time finding the bug. Instead of complaining too late, we want to catch where and when tp->snd_cwnd is set to an illegal value.

N/A
CVSS
Severity:
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/3308676ec525901bf1656014003c443a60730a04
https://git.kernel.org/stable/c/5aba0ad44fb4a7fb78c5076c313456de199a3c29
https://git.kernel.org/stable/c/41e191fe72282e193a7744e2fc1786b23156c9e4
https://git.kernel.org/stable/c/40570375356c874b1578e05c1dcc3ff7c1322dbe

Frequently Asked Questions

What is the severity of CVE-2022-49325?
CVE-2022-49325 has not yet been assigned a CVSS score.
How to fix CVE-2022-49325?
To fix CVE-2022-49325, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-49325 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-49325 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-49325?
CVE-2022-49325 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.