CVE-2022-49634

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-49634
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49634.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-49634
Downstream
Related
Published
2025-02-26T02:23:45.254Z
Modified
2026-03-11T06:24:58.399269Z
Severity
  • 4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
sysctl: Fix data-races in proc_dou8vec_minmax().
Details

In the Linux kernel, the following vulnerability has been resolved:

sysctl: Fix data-races in procdou8vecminmax().

A sysctl variable is accessed concurrently, and there is always a chance of data-race. So, all readers and writers need some basic protection to avoid load/store-tearing.

This patch changes procdou8vecminmax() to use READONCE() and WRITEONCE() internally to fix data-races on the sysctl side. For now, procdou8vecminmax() itself is tolerant to a data-race, but we still need to add annotations on the other subsystem's side.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49634.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
389dab6142d742f91010f38de0f1f2f440b97e1b
Fixed
f177b382c33900d0e5a9766493c11a1074076f78
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
cb9444130662c6c13022579c861098f212db2562
Fixed
e58b02e445463065b4078bf621561da75197853f
Fixed
5f776daef0b5354615ec4b4234cd9539ca05f273
Fixed
7dee5d7747a69aa2be41f04c6a7ecfe3ac8cdf18

Affected versions

v5.*
v5.12
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.29
v5.15.3
v5.15.30
v5.15.31
v5.15.32
v5.15.33
v5.15.34
v5.15.35
v5.15.36
v5.15.37
v5.15.38
v5.15.39
v5.15.4
v5.15.40
v5.15.41
v5.15.42
v5.15.43
v5.15.44
v5.15.45
v5.15.46
v5.15.47
v5.15.48
v5.15.49
v5.15.5
v5.15.50
v5.15.51
v5.15.52
v5.15.53
v5.15.54
v5.15.55
v5.15.6
v5.15.7
v5.15.8
v5.15.9
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.18.1
v5.18.10
v5.18.11
v5.18.12
v5.18.2
v5.18.3
v5.18.4
v5.18.5
v5.18.6
v5.18.7
v5.18.8
v5.18.9
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49634.json"
vanir_signatures 
[
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "127204616488291683625841009683409259508",
            "length": 769.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e58b02e445463065b4078bf621561da75197853f",
        "signature_type": "Function",
        "id": "CVE-2022-49634-00202c6e",
        "target": {
            "file": "kernel/sysctl.c",
            "function": "proc_dou8vec_minmax"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "108947755076585320714658435443899241191",
                "217704660596998289201253101289138867036",
                "88165358904965317444269836242219780949",
                "109783644305934629174003863790098686543",
                "97074214741673526960996597887474191812",
                "216097141065919479872262736876713183236",
                "338639363933068445304851622568901733987",
                "81024614530849330944597213610265254645",
                "162116473133578750733234582686217534245",
                "81229212431798553516381074528416473561"
            ]
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f177b382c33900d0e5a9766493c11a1074076f78",
        "signature_type": "Line",
        "id": "CVE-2022-49634-4287e656",
        "target": {
            "file": "kernel/sysctl.c"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "108947755076585320714658435443899241191",
                "217704660596998289201253101289138867036",
                "88165358904965317444269836242219780949",
                "109783644305934629174003863790098686543",
                "97074214741673526960996597887474191812",
                "216097141065919479872262736876713183236",
                "338639363933068445304851622568901733987",
                "81024614530849330944597213610265254645",
                "162116473133578750733234582686217534245",
                "81229212431798553516381074528416473561"
            ]
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5f776daef0b5354615ec4b4234cd9539ca05f273",
        "signature_type": "Line",
        "id": "CVE-2022-49634-4cde4025",
        "target": {
            "file": "kernel/sysctl.c"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "108947755076585320714658435443899241191",
                "217704660596998289201253101289138867036",
                "88165358904965317444269836242219780949",
                "109783644305934629174003863790098686543",
                "97074214741673526960996597887474191812",
                "216097141065919479872262736876713183236",
                "338639363933068445304851622568901733987",
                "81024614530849330944597213610265254645",
                "162116473133578750733234582686217534245",
                "81229212431798553516381074528416473561"
            ]
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e58b02e445463065b4078bf621561da75197853f",
        "signature_type": "Line",
        "id": "CVE-2022-49634-62a47c4f",
        "target": {
            "file": "kernel/sysctl.c"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "127204616488291683625841009683409259508",
            "length": 769.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5f776daef0b5354615ec4b4234cd9539ca05f273",
        "signature_type": "Function",
        "id": "CVE-2022-49634-738313f0",
        "target": {
            "file": "kernel/sysctl.c",
            "function": "proc_dou8vec_minmax"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "108947755076585320714658435443899241191",
                "217704660596998289201253101289138867036",
                "88165358904965317444269836242219780949",
                "109783644305934629174003863790098686543",
                "97074214741673526960996597887474191812",
                "216097141065919479872262736876713183236",
                "338639363933068445304851622568901733987",
                "81024614530849330944597213610265254645",
                "162116473133578750733234582686217534245",
                "81229212431798553516381074528416473561"
            ]
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7dee5d7747a69aa2be41f04c6a7ecfe3ac8cdf18",
        "signature_type": "Line",
        "id": "CVE-2022-49634-9af8e0cf",
        "target": {
            "file": "kernel/sysctl.c"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "127204616488291683625841009683409259508",
            "length": 769.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7dee5d7747a69aa2be41f04c6a7ecfe3ac8cdf18",
        "signature_type": "Function",
        "id": "CVE-2022-49634-d3072e0c",
        "target": {
            "file": "kernel/sysctl.c",
            "function": "proc_dou8vec_minmax"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "127204616488291683625841009683409259508",
            "length": 769.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f177b382c33900d0e5a9766493c11a1074076f78",
        "signature_type": "Function",
        "id": "CVE-2022-49634-e48439da",
        "target": {
            "file": "kernel/sysctl.c",
            "function": "proc_dou8vec_minmax"
        }
    }
]