{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2022-49957","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-06-18T10:57:27.382Z","datePublished":"2025-06-18T11:00:19.238Z","dateUpdated":"2026-05-11T19:09:56.968Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:09:56.968Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nkcm: fix strp_init() order and cleanup\n\nstrp_init() is called just a few lines above this csk->sk_user_data\ncheck, it also initializes strp->work etc., therefore, it is\nunnecessary to call strp_done() to cancel the freshly initialized\nwork.\n\nAnd if sk_user_data is already used by KCM, psock->strp should not be\ntouched, particularly strp->work state, so we need to move strp_init()\nafter the csk->sk_user_data check.\n\nThis also makes a lockdep warning reported by syzbot go away."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/kcm/kcmsock.c"],"versions":[{"version":"44890e9ff771ef11777b2d1ebf8589255eb12502","lessThan":"473f394953216614087f4179e55cdf0cf616a13b","status":"affected","versionType":"git"},{"version":"e5571240236c5652f3e079b1d5866716a7ad819c","lessThan":"a8a0c321319ad64a5427d6172cd9c23b4d6ca1e8","status":"affected","versionType":"git"},{"version":"e5571240236c5652f3e079b1d5866716a7ad819c","lessThan":"0946ff31d1a8778787bf6708beb20f38715267cc","status":"affected","versionType":"git"},{"version":"e5571240236c5652f3e079b1d5866716a7ad819c","lessThan":"1b6666964ca1de93a7bf06e122bcf3616dbd33a9","status":"affected","versionType":"git"},{"version":"e5571240236c5652f3e079b1d5866716a7ad819c","lessThan":"55fb8c3baa8071c5d533a9ad48624e44e2a04ef5","status":"affected","versionType":"git"},{"version":"e5571240236c5652f3e079b1d5866716a7ad819c","lessThan":"f865976baa85915c7672f351b74d5974b93215f6","status":"affected","versionType":"git"},{"version":"e5571240236c5652f3e079b1d5866716a7ad819c","lessThan":"8fc29ff3910f3af08a7c40a75d436b5720efe2bf","status":"affected","versionType":"git"},{"version":"085cbbda4b4cc7dd2ba63806346881c2c2e10107","status":"affected","versionType":"git"},{"version":"383250363daf01eb7aa3728c09ef8a4f6d8a3252","status":"affected","versionType":"git"},{"version":"19042316b9e12c93bf334a04d4dd7a4e846c7311","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/kcm/kcmsock.c"],"versions":[{"version":"4.15","status":"affected"},{"version":"0","lessThan":"4.15","status":"unaffected","versionType":"semver"},{"version":"4.14.293","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.258","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.213","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.142","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.66","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.19.8","lessThanOrEqual":"5.19.*","status":"unaffected","versionType":"semver"},{"version":"6.0","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14.22","versionEndExcluding":"4.14.293"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"4.19.258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"5.4.213"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"5.10.142"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"5.15.66"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"5.19.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"6.0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9.84"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9.100"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14.41"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/473f394953216614087f4179e55cdf0cf616a13b"},{"url":"https://git.kernel.org/stable/c/a8a0c321319ad64a5427d6172cd9c23b4d6ca1e8"},{"url":"https://git.kernel.org/stable/c/0946ff31d1a8778787bf6708beb20f38715267cc"},{"url":"https://git.kernel.org/stable/c/1b6666964ca1de93a7bf06e122bcf3616dbd33a9"},{"url":"https://git.kernel.org/stable/c/55fb8c3baa8071c5d533a9ad48624e44e2a04ef5"},{"url":"https://git.kernel.org/stable/c/f865976baa85915c7672f351b74d5974b93215f6"},{"url":"https://git.kernel.org/stable/c/8fc29ff3910f3af08a7c40a75d436b5720efe2bf"}],"title":"kcm: fix strp_init() order and cleanup","x_generator":{"engine":"bippy-1.2.0"}}}}