CVE-2022-49639

cipso: Fix data-races around sysctl.

Description

In the Linux kernel, the following vulnerability has been resolved: cipso: Fix data-races around sysctl. While reading cipso sysctl variables, they can be changed concurrently. So, we need to add READ_ONCE() to avoid data-races.

Category

4.7
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/2764f82bbc158d106693ae3ced3675cf4b963b35 patch
https://git.kernel.org/stable/c/c321e99d2725d11f7e6a4ebd9ce752259f0bae81 patch
https://git.kernel.org/stable/c/ca26ca5e2f3eeb3e6fe699cd6effa3b4b2aa8698 patch
https://git.kernel.org/stable/c/0e41a0f73ccb9be112a80bde3804a771633caaef patch
https://git.kernel.org/stable/c/fe2a35fa2c4f9c8ce5ef970eb927031387f9446a patch
https://git.kernel.org/stable/c/07b0caf8aeb9b82e6ecc6c292a3e47c7fcdb1148 patch
https://git.kernel.org/stable/c/59e26906b89cc35bb54476498772b45cbc32323f patch
https://git.kernel.org/stable/c/dd44f04b9214adb68ef5684ae87a81ba03632250 patch

Frequently Asked Questions

What is the severity of CVE-2022-49639?
CVE-2022-49639 has been scored as a medium severity vulnerability.
How to fix CVE-2022-49639?
To fix CVE-2022-49639, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-49639 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-49639 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-49639?
CVE-2022-49639 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.