CVE-2022-49634

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-49634
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49634.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-49634
Downstream
Related
Published
2025-02-26T02:23:45.254Z
Modified
2026-03-20T12:22:28.023542Z
Severity
  • 4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
sysctl: Fix data-races in proc_dou8vec_minmax().
Details

In the Linux kernel, the following vulnerability has been resolved:

sysctl: Fix data-races in procdou8vecminmax().

A sysctl variable is accessed concurrently, and there is always a chance of data-race. So, all readers and writers need some basic protection to avoid load/store-tearing.

This patch changes procdou8vecminmax() to use READONCE() and WRITEONCE() internally to fix data-races on the sysctl side. For now, procdou8vecminmax() itself is tolerant to a data-race, but we still need to add annotations on the other subsystem's side.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49634.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
389dab6142d742f91010f38de0f1f2f440b97e1b
Fixed
f177b382c33900d0e5a9766493c11a1074076f78
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
cb9444130662c6c13022579c861098f212db2562
Fixed
e58b02e445463065b4078bf621561da75197853f
Fixed
5f776daef0b5354615ec4b4234cd9539ca05f273
Fixed
7dee5d7747a69aa2be41f04c6a7ecfe3ac8cdf18

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49634.json"