CVE-2022-49576
- Source
- https://cve.org/CVERecord?id=CVE-2022-49576
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49576.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-49576
- Downstream
- Published
- 2025-02-26T02:23:16.629Z
- Modified
- 2026-03-10T11:47:27.571889Z
- Severity
-
- 4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- ipv4: Fix data-races around sysctl_fib_multipath_hash_fields.
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
ipv4: Fix data-races around sysctlfibmultipathhashfields.
While reading sysctlfibmultipathhashfields, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49576.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/36f5b86f309b3b11295d087cd7433f1c897caf94
- https://git.kernel.org/stable/c/548d6678c4a3d43667e59686665f8674b82440a3
- https://git.kernel.org/stable/c/8895a9c2ac76fb9d3922fed4fe092c8ec5e5cccc
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49576.json
- https://nvd.nist.gov/vuln/detail/CVE-2022-49576
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedce5c9c20d364f156c885efed8c71fca2945db00fFixed36f5b86f309b3b11295d087cd7433f1c897caf94Fixed548d6678c4a3d43667e59686665f8674b82440a3Fixed8895a9c2ac76fb9d3922fed4fe092c8ec5e5cccc
Affected versions
v5.*
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.29
v5.15.3
v5.15.30
v5.15.31
v5.15.32
v5.15.33
v5.15.34
v5.15.35
v5.15.36
v5.15.37
v5.15.38
v5.15.39
v5.15.4
v5.15.40
v5.15.41
v5.15.42
v5.15.43
v5.15.44
v5.15.45
v5.15.46
v5.15.47
v5.15.48
v5.15.49
v5.15.5
v5.15.50
v5.15.51
v5.15.52
v5.15.53
v5.15.54
v5.15.55
v5.15.56
v5.15.57
v5.15.6
v5.15.7
v5.15.8
v5.15.9
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.18.1
v5.18.10
v5.18.11
v5.18.12
v5.18.13
v5.18.14
v5.18.2
v5.18.3
v5.18.4
v5.18.5
v5.18.6
v5.18.7
v5.18.8
v5.18.9
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
Database specific
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49576.json"
vanir_signatures
[
{
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@548d6678c4a3d43667e59686665f8674b82440a3",
"digest": {
"line_hashes": [
"164094081407482407405015847504179169743",
"67466316458840247842351411034625692408",
"101919683261246987210734343810762386659",
"61746291546677194920149508006534909244"
],
"threshold": 0.9
},
"id": "CVE-2022-49576-05c5d9a0"
},
{
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8895a9c2ac76fb9d3922fed4fe092c8ec5e5cccc",
"digest": {
"line_hashes": [
"164094081407482407405015847504179169743",
"67466316458840247842351411034625692408",
"101919683261246987210734343810762386659",
"61746291546677194920149508006534909244"
],
"threshold": 0.9
},
"id": "CVE-2022-49576-06c98e24"
},
{
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "net/ipv4/route.c",
"function": "fib_multipath_custom_hash_inner"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8895a9c2ac76fb9d3922fed4fe092c8ec5e5cccc",
"digest": {
"length": 1536.0,
"function_hash": "216033123600415715192423146783169841094"
},
"id": "CVE-2022-49576-17a350b0"
},
{
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "net/ipv4/route.c",
"function": "fib_multipath_custom_hash_fl4"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8895a9c2ac76fb9d3922fed4fe092c8ec5e5cccc",
"digest": {
"length": 798.0,
"function_hash": "180270719072933656719259107809337019183"
},
"id": "CVE-2022-49576-27bc0165"
},
{
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c",
"function": "mlxsw_sp_mp4_hash_init"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@36f5b86f309b3b11295d087cd7433f1c897caf94",
"digest": {
"length": 1158.0,
"function_hash": "217911321135565043599722575229452454950"
},
"id": "CVE-2022-49576-3d088933"
},
{
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "net/ipv4/route.c",
"function": "fib_multipath_custom_hash_outer"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8895a9c2ac76fb9d3922fed4fe092c8ec5e5cccc",
"digest": {
"length": 974.0,
"function_hash": "73558390274930493640359268066701993690"
},
"id": "CVE-2022-49576-4f602ba6"
},
{
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "net/ipv4/route.c"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@548d6678c4a3d43667e59686665f8674b82440a3",
"digest": {
"line_hashes": [
"58395467753790981987405328006867554491",
"225229817653413647240458104135226611586",
"268628941240807668056915865482579654765",
"303235247253427234851711712417211211679",
"158448100476339090383137351204585356504",
"172511664269429887457578400656208194655",
"140689767944020456079018312241422820403",
"277917262107319897268490749784207921445",
"184171890479099701067346876160287594681",
"162047997635409070978520702023623369308",
"193114413846956478562772754175783598124",
"262187244377500963007752398384537290246"
],
"threshold": 0.9
},
"id": "CVE-2022-49576-6e05f74c"
},
{
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "net/ipv4/route.c",
"function": "fib_multipath_custom_hash_inner"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@548d6678c4a3d43667e59686665f8674b82440a3",
"digest": {
"length": 1536.0,
"function_hash": "216033123600415715192423146783169841094"
},
"id": "CVE-2022-49576-6e29e0f0"
},
{
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "net/ipv4/route.c",
"function": "fib_multipath_custom_hash_outer"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@548d6678c4a3d43667e59686665f8674b82440a3",
"digest": {
"length": 974.0,
"function_hash": "73558390274930493640359268066701993690"
},
"id": "CVE-2022-49576-7998d17f"
},
{
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "net/ipv4/route.c",
"function": "fib_multipath_custom_hash_fl4"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@548d6678c4a3d43667e59686665f8674b82440a3",
"digest": {
"length": 798.0,
"function_hash": "180270719072933656719259107809337019183"
},
"id": "CVE-2022-49576-8027b400"
},
{
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@36f5b86f309b3b11295d087cd7433f1c897caf94",
"digest": {
"line_hashes": [
"164094081407482407405015847504179169743",
"67466316458840247842351411034625692408",
"101919683261246987210734343810762386659",
"61746291546677194920149508006534909244"
],
"threshold": 0.9
},
"id": "CVE-2022-49576-80b82c0b"
},
{
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "net/ipv4/route.c",
"function": "fib_multipath_custom_hash_outer"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@36f5b86f309b3b11295d087cd7433f1c897caf94",
"digest": {
"length": 974.0,
"function_hash": "73558390274930493640359268066701993690"
},
"id": "CVE-2022-49576-84776405"
},
{
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "net/ipv4/route.c"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8895a9c2ac76fb9d3922fed4fe092c8ec5e5cccc",
"digest": {
"line_hashes": [
"58395467753790981987405328006867554491",
"225229817653413647240458104135226611586",
"268628941240807668056915865482579654765",
"303235247253427234851711712417211211679",
"158448100476339090383137351204585356504",
"172511664269429887457578400656208194655",
"140689767944020456079018312241422820403",
"277917262107319897268490749784207921445",
"184171890479099701067346876160287594681",
"162047997635409070978520702023623369308",
"193114413846956478562772754175783598124",
"262187244377500963007752398384537290246"
],
"threshold": 0.9
},
"id": "CVE-2022-49576-8fd05c54"
},
{
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "net/ipv4/route.c",
"function": "fib_multipath_custom_hash_fl4"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@36f5b86f309b3b11295d087cd7433f1c897caf94",
"digest": {
"length": 798.0,
"function_hash": "180270719072933656719259107809337019183"
},
"id": "CVE-2022-49576-a3d83ca6"
},
{
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c",
"function": "mlxsw_sp_mp4_hash_init"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8895a9c2ac76fb9d3922fed4fe092c8ec5e5cccc",
"digest": {
"length": 1158.0,
"function_hash": "217911321135565043599722575229452454950"
},
"id": "CVE-2022-49576-ad9c3181"
},
{
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "net/ipv4/route.c",
"function": "fib_multipath_custom_hash_inner"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@36f5b86f309b3b11295d087cd7433f1c897caf94",
"digest": {
"length": 1536.0,
"function_hash": "216033123600415715192423146783169841094"
},
"id": "CVE-2022-49576-d9e132bc"
},
{
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "net/ipv4/route.c"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@36f5b86f309b3b11295d087cd7433f1c897caf94",
"digest": {
"line_hashes": [
"58395467753790981987405328006867554491",
"225229817653413647240458104135226611586",
"268628941240807668056915865482579654765",
"303235247253427234851711712417211211679",
"158448100476339090383137351204585356504",
"172511664269429887457578400656208194655",
"140689767944020456079018312241422820403",
"277917262107319897268490749784207921445",
"184171890479099701067346876160287594681",
"162047997635409070978520702023623369308",
"193114413846956478562772754175783598124",
"262187244377500963007752398384537290246"
],
"threshold": 0.9
},
"id": "CVE-2022-49576-f0d6b10e"
},
{
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c",
"function": "mlxsw_sp_mp4_hash_init"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@548d6678c4a3d43667e59686665f8674b82440a3",
"digest": {
"length": 1158.0,
"function_hash": "217911321135565043599722575229452454950"
},
"id": "CVE-2022-49576-f68b7f25"
}
]