CVE-2022-49634

Published: Feb 26, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix data-races in proc_dou8vec_minmax(). A sysctl variable is accessed concurrently, and there is always a chance of data-race. So, all readers and writers need some basic protection to avoid load/store-tearing. This patch changes proc_dou8vec_minmax() to use READ_ONCE() and WRITE_ONCE() internally to fix data-races on the sysctl side. For now, proc_dou8vec_minmax() itself is tolerant to a data-race, but we still need to add annotations on the other subsystem's side.

Vendor	Product	Versions
Linux	Linux	affected `389dab6142d742f91010f38de0f1f2f440b97e1b - < f177b382c33900d0e5a9766493c11a1074076f78` affected `cb9444130662c6c13022579c861098f212db2562 - < e58b02e445463065b4078bf621561da75197853f` affected `cb9444130662c6c13022579c861098f212db2562 - < 5f776daef0b5354615ec4b4234cd9539ca05f273` affected `cb9444130662c6c13022579c861098f212db2562 - < 7dee5d7747a69aa2be41f04c6a7ecfe3ac8cdf18`
Linux	Linux	affected `5.13` unaffected `0 - < 5.13` unaffected `5.15.56 - <= 5.15.` unaffected `5.18.13 - <= 5.18.` unaffected `5.19 - <= *`

References

https://git.kernel.org/stable/c/f177b382c33900d0e5a9766493c11a1074076f78

https://git.kernel.org/stable/c/e58b02e445463065b4078bf621561da75197853f

https://git.kernel.org/stable/c/5f776daef0b5354615ec4b4234cd9539ca05f273

https://git.kernel.org/stable/c/7dee5d7747a69aa2be41f04c6a7ecfe3ac8cdf18

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-49634

Description

Affected Products

References