CVE-2022-49344 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix a data-race in unix_dgram_peer_wake_me(). unix_dgram_poll() calls unix_dgram_peer_wake_me() without `other`'s lock held and check if its receive queue is full. Here we need to use unix_recvq_full_lockless() instead of unix_recvq_full(), otherwise KCSAN will report a data-race.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux	Linux Kernel
Redhat	Enterprise Linux

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:5.19:rc1::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
kernel-0:5.14.0-362.8.1.el9_3	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:6583	2023-11-07T00:00:00Z
kernel-0:5.14.0-362.8.1.el9_3	cpe:/o:redhat:enterprise_linux:9	RHSA-2023:6583	2023-11-07T00:00:00Z

References

Link	Providers
https://git.kernel.org/stable/c/556720013c36c193d9cbfb06e7b33e51f0c39fbf
https://git.kernel.org/stable/c/662a80946ce13633ae90a55379f1346c10f0c432
https://git.kernel.org/stable/c/71e8bfc7f838cabc60cba24e09ca84c4f8321ab2
https://git.kernel.org/stable/c/8801eb3ccd2e4e3b1a01449383e3321ae6dbd9d6
https://git.kernel.org/stable/c/95f0ba806277733bf6024e23e27e1be773701cca
https://git.kernel.org/stable/c/c61848500a3fd6867dfa4834b8c7f97133eceb9f
https://git.kernel.org/stable/c/c926ae58f24f7bd55aa2ea4add9f952032507913
https://lore.kernel.org/linux-cve-announce/2025022641-CVE-2022-49344-2b3a@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2022-49344
https://www.cve.org/CVERecord?id=CVE-2022-49344

History

Thu, 02 Oct 2025 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 16 Apr 2025 15:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux

Thu, 13 Mar 2025 22:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-362
CPEs		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:5.19:rc1::::::
Vendors & Products		Linux Linux linux Kernel
Metrics	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 4.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Thu, 27 Feb 2025 01:45:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025022641-CVE-2022-49344-2b3a@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2022-49344 https://www.cve.org/CVERecord?id=CVE-2022-49344
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Wed, 26 Feb 2025 02:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix a data-race in unix_dgram_peer_wake_me(). unix_dgram_poll() calls unix_dgram_peer_wake_me() without `other`'s lock held and check if its receive queue is full. Here we need to use unix_recvq_full_lockless() instead of unix_recvq_full(), otherwise KCSAN will report a data-race.
Title		af_unix: Fix a data-race in unix_dgram_peer_wake_me().
References		https://git.kernel.org/stable/c/556720013c36c193d9cbfb06e7b33e51f0c39fbf https://git.kernel.org/stable/c/662a80946ce13633ae90a55379f1346c10f0c432 https://git.kernel.org/stable/c/71e8bfc7f838cabc60cba24e09ca84c4f8321ab2 https://git.kernel.org/stable/c/8801eb3ccd2e4e3b1a01449383e3321ae6dbd9d6 https://git.kernel.org/stable/c/95f0ba806277733bf6024e23e27e1be773701cca https://git.kernel.org/stable/c/c61848500a3fd6867dfa4834b8c7f97133eceb9f https://git.kernel.org/stable/c/c926ae58f24f7bd55aa2ea4add9f952032507913

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-02-26T02:11:00.498Z

Updated: 2025-10-01T19:46:54.869Z

Reserved: 2025-02-26T02:08:31.542Z

Link: CVE-2022-49344

Vulnrichment

Updated: 2025-10-01T16:16:15.840Z

NVD

Status : Modified

Published: 2025-02-26T07:01:11.140

Modified: 2025-10-01T20:16:11.017

Link: CVE-2022-49344

Redhat

Severity : Moderate

Publid Date: 2025-02-26T00:00:00Z

Links: CVE-2022-49344 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-49344", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-02-26T02:08:31.542Z", "datePublished": "2025-02-26T02:11:00.498Z", "dateUpdated": "2025-10-01T19:46:54.869Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T12:44:29.570Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Fix a data-race in unix_dgram_peer_wake_me().\n\nunix_dgram_poll() calls unix_dgram_peer_wake_me() without `other`'s\nlock held and check if its receive queue is full. Here we need to\nuse unix_recvq_full_lockless() instead of unix_recvq_full(), otherwise\nKCSAN will report a data-race."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/unix/af_unix.c"], "versions": [{"version": "7d267278a9ece963d77eefec61630223fce08c6c", "lessThan": "95f0ba806277733bf6024e23e27e1be773701cca", "status": "affected", "versionType": "git"}, {"version": "7d267278a9ece963d77eefec61630223fce08c6c", "lessThan": "556720013c36c193d9cbfb06e7b33e51f0c39fbf", "status": "affected", "versionType": "git"}, {"version": "7d267278a9ece963d77eefec61630223fce08c6c", "lessThan": "c61848500a3fd6867dfa4834b8c7f97133eceb9f", "status": "affected", "versionType": "git"}, {"version": "7d267278a9ece963d77eefec61630223fce08c6c", "lessThan": "c926ae58f24f7bd55aa2ea4add9f952032507913", "status": "affected", "versionType": "git"}, {"version": "7d267278a9ece963d77eefec61630223fce08c6c", "lessThan": "71e8bfc7f838cabc60cba24e09ca84c4f8321ab2", "status": "affected", "versionType": "git"}, {"version": "7d267278a9ece963d77eefec61630223fce08c6c", "lessThan": "8801eb3ccd2e4e3b1a01449383e3321ae6dbd9d6", "status": "affected", "versionType": "git"}, {"version": "7d267278a9ece963d77eefec61630223fce08c6c", "lessThan": "662a80946ce13633ae90a55379f1346c10f0c432", "status": "affected", "versionType": "git"}, {"version": "60bc010667ef06e0fb08d5ec599c0977adc2ac72", "status": "affected", "versionType": "git"}, {"version": "a3b0f6e8a21ef02f69a15abac440572d8cde8c2a", "status": "affected", "versionType": "git"}, {"version": "ec54d5ae9d298abf01c273233de9f2bc25d80475", "status": "affected", "versionType": "git"}, {"version": "da8db0830a2ce63f628150307a01a315f5081202", "status": "affected", "versionType": "git"}, {"version": "9964b4c4ee925b2910723e509abd7241cff1ef84", "status": "affected", "versionType": "git"}, {"version": "9d054f57adc981a5f503d5eb9b259aa450b90dc5", "status": "affected", "versionType": "git"}, {"version": "72032798034d921ed565e3bf8dfdc3098f6473e2", "status": "affected", "versionType": "git"}, {"version": "5c77e26862ce604edea05b3442ed765e9756fe0f", "status": "affected", "versionType": "git"}, {"version": "bad967fdd8ecbdd171f5f243657be033d2d081a7", "status": "affected", "versionType": "git"}, {"version": "58a6a46a036ce81a2a8ecaa6fc1537c894349e3f", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/unix/af_unix.c"], "versions": [{"version": "4.4", "status": "affected"}, {"version": "0", "lessThan": "4.4", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.247", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.198", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.122", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.47", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.17.15", "lessThanOrEqual": "5.17.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.18.4", "lessThanOrEqual": "5.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.4", "versionEndExcluding": "4.19.247"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.4", "versionEndExcluding": "5.4.198"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.4", "versionEndExcluding": "5.10.122"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.4", "versionEndExcluding": "5.15.47"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.4", "versionEndExcluding": "5.17.15"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.4", "versionEndExcluding": "5.18.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.4", "versionEndExcluding": "5.19"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.32.70"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.2.75"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.4.111"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.10.95"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.12.52"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.14.59"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.18.26"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.1.15"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.2.8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3.3"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/95f0ba806277733bf6024e23e27e1be773701cca"}, {"url": "https://git.kernel.org/stable/c/556720013c36c193d9cbfb06e7b33e51f0c39fbf"}, {"url": "https://git.kernel.org/stable/c/c61848500a3fd6867dfa4834b8c7f97133eceb9f"}, {"url": "https://git.kernel.org/stable/c/c926ae58f24f7bd55aa2ea4add9f952032507913"}, {"url": "https://git.kernel.org/stable/c/71e8bfc7f838cabc60cba24e09ca84c4f8321ab2"}, {"url": "https://git.kernel.org/stable/c/8801eb3ccd2e4e3b1a01449383e3321ae6dbd9d6"}, {"url": "https://git.kernel.org/stable/c/662a80946ce13633ae90a55379f1346c10f0c432"}], "title": "af_unix: Fix a data-race in unix_dgram_peer_wake_me().", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-49344", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-01T19:42:59.516016Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"}]}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-01T19:46:54.869Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-49344", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-01T19:42:59.516016Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-01T16:16:15.840Z"}}], "cna": {"title": "af_unix: Fix a data-race in unix_dgram_peer_wake_me().", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "7d267278a9ece963d77eefec61630223fce08c6c", "lessThan": "95f0ba806277733bf6024e23e27e1be773701cca", "versionType": "git"}, {"status": "affected", "version": "7d267278a9ece963d77eefec61630223fce08c6c", "lessThan": "556720013c36c193d9cbfb06e7b33e51f0c39fbf", "versionType": "git"}, {"status": "affected", "version": "7d267278a9ece963d77eefec61630223fce08c6c", "lessThan": "c61848500a3fd6867dfa4834b8c7f97133eceb9f", "versionType": "git"}, {"status": "affected", "version": "7d267278a9ece963d77eefec61630223fce08c6c", "lessThan": "c926ae58f24f7bd55aa2ea4add9f952032507913", "versionType": "git"}, {"status": "affected", "version": "7d267278a9ece963d77eefec61630223fce08c6c", "lessThan": "71e8bfc7f838cabc60cba24e09ca84c4f8321ab2", "versionType": "git"}, {"status": "affected", "version": "7d267278a9ece963d77eefec61630223fce08c6c", "lessThan": "8801eb3ccd2e4e3b1a01449383e3321ae6dbd9d6", "versionType": "git"}, {"status": "affected", "version": "7d267278a9ece963d77eefec61630223fce08c6c", "lessThan": "662a80946ce13633ae90a55379f1346c10f0c432", "versionType": "git"}, {"status": "affected", "version": "60bc010667ef06e0fb08d5ec599c0977adc2ac72", "versionType": "git"}, {"status": "affected", "version": "a3b0f6e8a21ef02f69a15abac440572d8cde8c2a", "versionType": "git"}, {"status": "affected", "version": "ec54d5ae9d298abf01c273233de9f2bc25d80475", "versionType": "git"}, {"status": "affected", "version": "da8db0830a2ce63f628150307a01a315f5081202", "versionType": "git"}, {"status": "affected", "version": "9964b4c4ee925b2910723e509abd7241cff1ef84", "versionType": "git"}, {"status": "affected", "version": "9d054f57adc981a5f503d5eb9b259aa450b90dc5", "versionType": "git"}, {"status": "affected", "version": "72032798034d921ed565e3bf8dfdc3098f6473e2", "versionType": "git"}, {"status": "affected", "version": "5c77e26862ce604edea05b3442ed765e9756fe0f", "versionType": "git"}, {"status": "affected", "version": "bad967fdd8ecbdd171f5f243657be033d2d081a7", "versionType": "git"}, {"status": "affected", "version": "58a6a46a036ce81a2a8ecaa6fc1537c894349e3f", "versionType": "git"}], "programFiles": ["net/unix/af_unix.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.4"}, {"status": "unaffected", "version": "0", "lessThan": "4.4", "versionType": "semver"}, {"status": "unaffected", "version": "4.19.247", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.198", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.122", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.47", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "5.17.15", "versionType": "semver", "lessThanOrEqual": "5.17.*"}, {"status": "unaffected", "version": "5.18.4", "versionType": "semver", "lessThanOrEqual": "5.18.*"}, {"status": "unaffected", "version": "5.19", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/unix/af_unix.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/95f0ba806277733bf6024e23e27e1be773701cca"}, {"url": "https://git.kernel.org/stable/c/556720013c36c193d9cbfb06e7b33e51f0c39fbf"}, {"url": "https://git.kernel.org/stable/c/c61848500a3fd6867dfa4834b8c7f97133eceb9f"}, {"url": "https://git.kernel.org/stable/c/c926ae58f24f7bd55aa2ea4add9f952032507913"}, {"url": "https://git.kernel.org/stable/c/71e8bfc7f838cabc60cba24e09ca84c4f8321ab2"}, {"url": "https://git.kernel.org/stable/c/8801eb3ccd2e4e3b1a01449383e3321ae6dbd9d6"}, {"url": "https://git.kernel.org/stable/c/662a80946ce13633ae90a55379f1346c10f0c432"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Fix a data-race in unix_dgram_peer_wake_me().\n\nunix_dgram_poll() calls unix_dgram_peer_wake_me() without `other`'s\nlock held and check if its receive queue is full. Here we need to\nuse unix_recvq_full_lockless() instead of unix_recvq_full(), otherwise\nKCSAN will report a data-race."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.19.247", "versionStartIncluding": "4.4"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.4.198", "versionStartIncluding": "4.4"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.122", "versionStartIncluding": "4.4"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.47", "versionStartIncluding": "4.4"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.17.15", "versionStartIncluding": "4.4"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.18.4", "versionStartIncluding": "4.4"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.19", "versionStartIncluding": "4.4"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "2.6.32.70"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "3.2.75"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "3.4.111"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "3.10.95"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "3.12.52"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "3.14.59"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "3.18.26"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "4.1.15"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "4.2.8"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "4.3.3"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T12:44:29.570Z"}}}, "cveMetadata": {"cveId": "CVE-2022-49344", "state": "PUBLISHED", "dateUpdated": "2025-10-01T19:46:54.869Z", "dateReserved": "2025-02-26T02:08:31.542Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2025-02-26T02:11:00.498Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5638A0E8-3156-4172-8646-A06234434789", "versionEndExcluding": "3.3", "versionStartIncluding": "3.2.75", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E52E1F3C-10B4-4F40-8A2A-9594BC2B215D", "versionEndExcluding": "3.5", "versionStartIncluding": "3.4.111", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC5478BC-B6FF-4B04-987C-ADAEAE43CBA8", "versionEndExcluding": "3.11", "versionStartIncluding": "3.10.95", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "06C65A71-8C38-4C15-8A5D-CFA8D65BFCA0", "versionEndExcluding": "3.13", "versionStartIncluding": "3.12.52", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A2F1110-C965-4944-9689-F1761C69A6D1", "versionEndExcluding": "3.15", "versionStartIncluding": "3.14.59", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "830AF0C0-9263-4CB8-A52B-833DA911C43B", "versionEndExcluding": "3.19", "versionStartIncluding": "3.18.26", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "30BD25FB-1AEB-4577-9EA8-05D01771198D", "versionEndExcluding": "4.2", "versionStartIncluding": "4.1.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "ECDD7212-EFE8-403A-B34A-CE83B1E7139D", "versionEndExcluding": "4.3", "versionStartIncluding": "4.2.8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AEFFC18C-45D7-41A2-B7D9-545D81B3F8D8", "versionEndExcluding": "4.19.247", "versionStartIncluding": "4.3.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3EC49633-14DE-4EBD-BB80-76AE2E3EABB9", "versionEndExcluding": "5.4.198", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B42AA01-44D8-4572-95E6-FF8E374CF9C5", "versionEndExcluding": "5.10.122", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC042EE3-4864-4325-BE0B-4BCDBF11AA61", "versionEndExcluding": "5.15.47", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "53E7AA2E-2FB4-45CA-A22B-08B4EDBB51AD", "versionEndExcluding": "5.17.15", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA6D643C-6D6A-4821-8A8D-B5776B8F0103", "versionEndExcluding": "5.18.4", "versionStartIncluding": "5.18", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.19:rc1:*:*:*:*:*:*", "matchCriteriaId": "A8C30C2D-F82D-4D37-AB48-D76ABFBD5377", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Fix a data-race in unix_dgram_peer_wake_me().\n\nunix_dgram_poll() calls unix_dgram_peer_wake_me() without `other`'s\nlock held and check if its receive queue is full. Here we need to\nuse unix_recvq_full_lockless() instead of unix_recvq_full(), otherwise\nKCSAN will report a data-race."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: af_unix: Se solucion\u00f3 una ejecuci\u00f3n de datos en unix_dgram_peer_wake_me(). unix_dgram_poll() llama a unix_dgram_peer_wake_me() sin el bloqueo de `other` y verifica si su cola de recepci\u00f3n est\u00e1 llena. Aqu\u00ed necesitamos usar unix_recvq_full_lockless() en lugar de unix_recvq_full(), de lo contrario KCSAN informar\u00e1 una ejecuci\u00f3n de datos."}], "id": "CVE-2022-49344", "lastModified": "2025-10-01T20:16:11.017", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-02-26T07:01:11.140", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/556720013c36c193d9cbfb06e7b33e51f0c39fbf"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/662a80946ce13633ae90a55379f1346c10f0c432"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/71e8bfc7f838cabc60cba24e09ca84c4f8321ab2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8801eb3ccd2e4e3b1a01449383e3321ae6dbd9d6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/95f0ba806277733bf6024e23e27e1be773701cca"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c61848500a3fd6867dfa4834b8c7f97133eceb9f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c926ae58f24f7bd55aa2ea4add9f952032507913"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-362"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2023:6583", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-362.8.1.el9_3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-11-07T00:00:00Z"}, {"advisory": "RHSA-2023:6583", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-362.8.1.el9_3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-11-07T00:00:00Z"}], "bugzilla": {"description": "kernel: af_unix: Fix a data-race in unix_dgram_peer_wake_me().", "id": "2347694", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347694"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.7", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-362", "details": ["In the Linux kernel, the following vulnerability has been resolved:\naf_unix: Fix a data-race in unix_dgram_peer_wake_me().\nunix_dgram_poll() calls unix_dgram_peer_wake_me() without `other`'s\nlock held and check if its receive queue is full. Here we need to\nuse unix_recvq_full_lockless() instead of unix_recvq_full(), otherwise\nKCSAN will report a data-race."], "name": "CVE-2022-49344", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-02-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-49344\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49344\nhttps://lore.kernel.org/linux-cve-announce/2025022641-CVE-2022-49344-2b3a@gregkh/T"], "threat_severity": "Moderate"}

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object