CVE-2022-50265

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a data-race condition within the kcm (Kernel Connection Multiplexor) subsystem. Specifically, kcm->rx psock can be read without a lock in the kcm rfree() function, leading to potential inconsistencies when accessed concurrently. This issue was identified through Kernel Concurrency Sanitizer (KCSAN) reporting and syzbot testing, revealing a data-race in kcm rcv strparser and kcm rfree. The vulnerability involves writes and reads to memory locations during socket operations, potentially triggered by functions like kcm recvmsg, strp recv, and tcp read sock.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.