Description

In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix data-races in proc_dou8vec_minmax(). A sysctl variable is accessed concurrently, and there is always a chance of data-race. So, all readers and writers need some basic protection to avoid load/store-tearing. This patch changes proc_dou8vec_minmax() to use READ_ONCE() and WRITE_ONCE() internally to fix data-races on the sysctl side. For now, proc_dou8vec_minmax() itself is tolerant to a data-race, but we still need to add annotations on the other subsystem's side.

INFO

Published Date :

2025-02-26T02:23:45.254Z

Last Modified :

2025-10-01T19:36:49.653Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2022-49634 vulnerability.

Vendors Products
Linux
  • Linux Kernel
Redhat
  • Enterprise Linux
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2022-49634.

URL Resource
https://git.kernel.org/stable/c/5f776daef0b5354615ec4b4234cd9539ca05f273 cve-icon cve-icon
https://git.kernel.org/stable/c/7dee5d7747a69aa2be41f04c6a7ecfe3ac8cdf18 cve-icon cve-icon
https://git.kernel.org/stable/c/e58b02e445463065b4078bf621561da75197853f cve-icon cve-icon
https://git.kernel.org/stable/c/f177b382c33900d0e5a9766493c11a1074076f78 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025022617-CVE-2022-49634-4a89@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2022-49634 cve-icon
https://www.cve.org/CVERecord?id=CVE-2022-49634 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact