CVE-2022-49420

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to the version that includes the fix for the data-race issue in ip6 datagram connect and udpv6 sendmsg

Description A data-race issue exists in the Linux kernel, specifically in the ip6 datagram connect and udpv6 sendmsg functions. This issue is caused by the lockless nature of UDP sendmsg(), which reads sk->sk bound dev if while this field can be changed by another thread. The Kernel Concurrency Sanitizer reported this issue, which has minor consequences.

Recommendations For Linux kernel versions prior to the fixed version, consider applying patches that add annotations to avoid KCSAN splats for UDP, such as the one that adds minimal annotations to potential lockless readers. As a temporary workaround, consider restricting access to the udpv6 sendmsg function until a patch is available.