CVE-2022-49957
Published: Jun 18, 2025
Modified: May 27, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:

kcm: fix strp_init() order and cleanup

strp_init() is called just a few lines above this csk->sk_user_data check, it also initializes strp->work etc., therefore, it is unnecessary to call strp_done() to cancel the freshly initialized work.

And if sk_user_data is already used by KCM, psock->strp should not be touched, particularly strp->work state, so we need to move strp_init() after the csk->sk_user_data check.

This also makes a lockdep warning reported by syzbot go away.

| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected 44890e9ff771ef11777b2d1ebf8589255eb12502 - < 473f394953216614087f4179e55cdf0cf616a13b; affected e5571240236c5652f3e079b1d5866716a7ad819c - < a8a0c321319ad64a5427d6172cd9c23b4d6ca1e8; affected e5571240236c5652f3e079b1d5866716a7ad819c - < 0946ff31d1a8778787bf6708beb20f38715267cc; affected e5571240236c5652f3e079b1d5866716a7ad819c - < 1b6666964ca1de93a7bf06e122bcf3616dbd33a9; affected e5571240236c5652f3e079b1d5866716a7ad819c - < 55fb8c3baa8071c5d533a9ad48624e44e2a04ef5; +8 more versions |
| Linux | Linux | affected 4.15; unaffected 0 - < 4.15; unaffected 4.14.293 - <= 4.14.*; unaffected 4.19.258 - <= 4.19.*; unaffected 5.4.213 - <= 5.4.*; +4 more versions |