CVE-2022-49641

Published: Feb 26, 2025

Modified: May 23, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix data races in proc_douintvec(). A sysctl variable is accessed concurrently, and there is always a chance of data-race. So, all readers and writers need some basic protection to avoid load/store-tearing. This patch changes proc_douintvec() to use READ_ONCE() and WRITE_ONCE() internally to fix data-races on the sysctl side. For now, proc_douintvec() itself is tolerant to a data-race, but we still need to add annotations on the other subsystem's side.

Vendor	Product	Versions
Linux	Linux	affected `e7d316a02f683864a12389f8808570e37fb90aa3 - < d5d54714e329f646bd7af4994fc427d88ee68936` affected `e7d316a02f683864a12389f8808570e37fb90aa3 - < d335db59f7fb3353f56e52371f1ee796ae9c8f09` affected `e7d316a02f683864a12389f8808570e37fb90aa3 - < 630c76850d554d7140232e71b5d1663e88cffb54` affected `e7d316a02f683864a12389f8808570e37fb90aa3 - < 4762b532ec9539755aab61445d5da6e1926ccb99` affected `70cd763eb1574cac07138be91f474a661e02d694` +3 more versions
Linux	Linux	affected `4.8` unaffected `0 - < 4.8` unaffected `5.10.132 - <= 5.10.` unaffected `5.15.56 - <= 5.15.` unaffected `5.18.13 - <= 5.18.*` +1 more versions

References

https://git.kernel.org/stable/c/d5d54714e329f646bd7af4994fc427d88ee68936

https://git.kernel.org/stable/c/d335db59f7fb3353f56e52371f1ee796ae9c8f09

https://git.kernel.org/stable/c/630c76850d554d7140232e71b5d1663e88cffb54

https://git.kernel.org/stable/c/4762b532ec9539755aab61445d5da6e1926ccb99

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-49641

Description

Affected Products

References