Race Condition Affecting dlm-kmp-default package, versions <5.14.21-150500.55.100.1


Severity

Recommended
0.0
medium
0
10

Based on SUSE Linux Enterprise Server security rating.

Threat Intelligence

EPSS
0.18% (8th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-SLES155-DLMKMPDEFAULT-9702469
  • published15 Apr 2025
  • disclosed14 Apr 2025

Introduced: 14 Apr 2025

CVE-2022-49634  (opens in a new tab)
CWE-362  (opens in a new tab)

How to fix?

Upgrade SLES:15.5 dlm-kmp-default to version 5.14.21-150500.55.100.1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream dlm-kmp-default package and not the dlm-kmp-default package as distributed by SLES. See How to fix? for SLES:15.5 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

sysctl: Fix data-races in proc_dou8vec_minmax().

A sysctl variable is accessed concurrently, and there is always a chance of data-race. So, all readers and writers need some basic protection to avoid load/store-tearing.

This patch changes proc_dou8vec_minmax() to use READ_ONCE() and WRITE_ONCE() internally to fix data-races on the sysctl side. For now, proc_dou8vec_minmax() itself is tolerant to a data-race, but we still need to add annotations on the other subsystem's side.

CVSS Base Scores

version 3.1