CVE-2022-1247 — Race Condition in Kernel

CWE-362 — Race Condition CWE-366 — Race Condition within a Thread6 documents6 sources

Severity

7.0HIGHNVD

EPSS

0.0%

top 92.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Fedoraproject Fedora Redhat Enterprise Linux

Timeline

PublishedAug 31

Latest updateSep 1

Description

An issue found in linux-kernel that leads to a race condition in rose_connect(). The rose driver uses rose_neigh->use to represent how many objects are using the rose_neigh. When a user wants to delete a rose_route via rose_ioctl(), the rose driver calls rose_del_node() and removes neighbours only if their “count” and “use” are zero.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages1 packages

▶CVEListV5linux/linux_kernelNot-Known

Also affects: Enterprise Linux 9.0, Fedora 36

🔴Vulnerability Details

GHSA

GHSA-78wg-6vv7-mj9q: An issue found in linux-kernel that leads to a race condition in rose_connect()↗2022-09-01

▶

OSV

CVE-2022-1247: An issue found in linux-kernel that leads to a race condition in rose_connect()↗2022-08-31

▶

CVEList

CVE-2022-1247: An issue found in linux-kernel that leads to a race condition in rose_connect()↗2022-08-31

▶

📋Vendor Advisories

Red Hat

kernel: A race condition bug in rose_connect()↗2022-05-11

▶

Debian

CVE-2022-1247: linux - An issue found in linux-kernel that leads to a race condition in rose_connect()....↗2022

▶