{
  "threat_severity" : "Low",
  "public_date" : "2025-02-26T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: ipv4: Fix data-races around sysctl_fib_multipath_hash_policy.",
    "id" : "2348016",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2348016"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.7",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-362",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nipv4: Fix data-races around sysctl_fib_multipath_hash_policy.\nWhile reading sysctl_fib_multipath_hash_policy, it can be changed\nconcurrently.  Thus, we need to add READ_ONCE() to its readers." ],
  "statement" : "The bug is that during reading of the variable ipv4.sysctl_fib_multipath_hash_policy potentially could read incorrect value if race happens (if simultaneously value of this variable being changed). Since corruption could happen only during reading and value of variable itself not corrupted and very complex or impossible to trigger the bug, the security impact is limited. Only root user or other privileged user can change value of this variable.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-05-09T00:00:00Z",
    "advisory" : "RHSA-2023:2458",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-284.11.1.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-05-09T00:00:00Z",
    "advisory" : "RHSA-2023:2458",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-284.11.1.el9_2"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-49579\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49579\nhttps://lore.kernel.org/linux-cve-announce/2025022608-CVE-2022-49579-4f40@gregkh/T" ],
  "name" : "CVE-2022-49579",
  "csaw" : false
}