0.0
NA
CVE-2022-49572
Linux Kernel TCP Data-Race Vulnerability
Description

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_slow_start_after_idle. While reading sysctl_tcp_slow_start_after_idle, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers.

INFO

Published Date :

Feb. 26, 2025, 7:01 a.m.

Last Modified :

Feb. 26, 2025, 7:01 a.m.

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Remotely Exploitable :

No

Impact Score :

Exploitability Score :

Affected Products

The following products are affected by CVE-2022-49572 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
: Total Affected Vendor : 1 | Products : 1
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2022-49572.

URL Resource
https://git.kernel.org/stable/c/0e3f82a03ec8c3808e87283e12946227415706c9
https://git.kernel.org/stable/c/369d99c2b89f54473adcf9acdf40ea562b5a6e0e
https://git.kernel.org/stable/c/3b26e11b07a09b31247688bec61e2925d4a571b6
https://git.kernel.org/stable/c/41aeba4506f6b70ec7500c6fe202731a4ba29fe5
https://git.kernel.org/stable/c/4845b5713ab18a1bb6e31d1fbb4d600240b8b691
https://git.kernel.org/stable/c/68b6f9506747d507c7bfa374d178929b4157e8c6

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2022-49572 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2022-49572 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Mar. 10, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
    Added CWE CWE-362
    Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:5.19:rc1:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:5.19:rc2:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:5.19:rc3:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:5.19:rc4:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:5.19:rc5:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:5.19:rc6:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:5.19:rc7:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 2.6.18 from (excluding) 4.19.254 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.20 from (excluding) 5.4.208 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 from (excluding) 5.10.134 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 from (excluding) 5.15.58 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 from (excluding) 5.18.15
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/0e3f82a03ec8c3808e87283e12946227415706c9 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/369d99c2b89f54473adcf9acdf40ea562b5a6e0e Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/3b26e11b07a09b31247688bec61e2925d4a571b6 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/41aeba4506f6b70ec7500c6fe202731a4ba29fe5 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/4845b5713ab18a1bb6e31d1fbb4d600240b8b691 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/68b6f9506747d507c7bfa374d178929b4157e8c6 Types: Patch
  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Feb. 26, 2025

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_slow_start_after_idle. While reading sysctl_tcp_slow_start_after_idle, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers.
    Added Reference https://git.kernel.org/stable/c/0e3f82a03ec8c3808e87283e12946227415706c9
    Added Reference https://git.kernel.org/stable/c/369d99c2b89f54473adcf9acdf40ea562b5a6e0e
    Added Reference https://git.kernel.org/stable/c/3b26e11b07a09b31247688bec61e2925d4a571b6
    Added Reference https://git.kernel.org/stable/c/41aeba4506f6b70ec7500c6fe202731a4ba29fe5
    Added Reference https://git.kernel.org/stable/c/4845b5713ab18a1bb6e31d1fbb4d600240b8b691
    Added Reference https://git.kernel.org/stable/c/68b6f9506747d507c7bfa374d178929b4157e8c6
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2022-49572 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2022-49572 weaknesses.

NONE - Vulnerability Scoring System
:
© cvefeed.io
Latest DB Update: Apr. 23, 2025 16:50