CVE-2022-49344

af_unix: Fix a data-race in unix_dgram_peer_wake_me().

Description

In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix a data-race in unix_dgram_peer_wake_me(). unix_dgram_poll() calls unix_dgram_peer_wake_me() without `other`'s lock held and check if its receive queue is full. Here we need to use unix_recvq_full_lockless() instead of unix_recvq_full(), otherwise KCSAN will report a data-race.

Category

4.7
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/95f0ba806277733bf6024e23e27e1be773701cca patch
https://git.kernel.org/stable/c/556720013c36c193d9cbfb06e7b33e51f0c39fbf patch
https://git.kernel.org/stable/c/c61848500a3fd6867dfa4834b8c7f97133eceb9f patch
https://git.kernel.org/stable/c/c926ae58f24f7bd55aa2ea4add9f952032507913 patch
https://git.kernel.org/stable/c/71e8bfc7f838cabc60cba24e09ca84c4f8321ab2 patch
https://git.kernel.org/stable/c/8801eb3ccd2e4e3b1a01449383e3321ae6dbd9d6 patch
https://git.kernel.org/stable/c/662a80946ce13633ae90a55379f1346c10f0c432 patch

Frequently Asked Questions

What is the severity of CVE-2022-49344?
CVE-2022-49344 has been scored as a medium severity vulnerability.
How to fix CVE-2022-49344?
To fix CVE-2022-49344, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-49344 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-49344 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-49344?
CVE-2022-49344 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.