Description

In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix data races in proc_douintvec(). A sysctl variable is accessed concurrently, and there is always a chance of data-race. So, all readers and writers need some basic protection to avoid load/store-tearing. This patch changes proc_douintvec() to use READ_ONCE() and WRITE_ONCE() internally to fix data-races on the sysctl side. For now, proc_douintvec() itself is tolerant to a data-race, but we still need to add annotations on the other subsystem's side.

INFO

Published Date :

2025-02-26T02:23:48.675Z

Last Modified :

2025-10-01T19:36:48.974Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2022-49641 vulnerability.

Vendors Products
Linux
  • Linux Kernel
Redhat
  • Enterprise Linux
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2022-49641.

URL Resource
https://git.kernel.org/stable/c/4762b532ec9539755aab61445d5da6e1926ccb99 cve-icon cve-icon
https://git.kernel.org/stable/c/630c76850d554d7140232e71b5d1663e88cffb54 cve-icon cve-icon
https://git.kernel.org/stable/c/d335db59f7fb3353f56e52371f1ee796ae9c8f09 cve-icon cve-icon
https://git.kernel.org/stable/c/d5d54714e329f646bd7af4994fc427d88ee68936 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025022618-CVE-2022-49641-00e7@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2022-49641 cve-icon
https://www.cve.org/CVERecord?id=CVE-2022-49641 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact