Linux Kernel UDP Data-Race Vulnerability in sysctl_udp_l3mdev_accept

Vulnerability

A data-race vulnerability has been identified in the Linux kernel's UDP implementation, specifically around the sysctl_udp_l3mdev_accept parameter. This vulnerability arises because the parameter can be changed concurrently while it is being read, creating a race condition. The issue has been addressed by adding a READ_ONCE() directive to the parameter's reader.

Impact

Exploitation of this vulnerability could lead to a data race condition, where concurrent read and write operations on sysctl_udp_l3mdev_accept could cause inconsistent or unexpected behavior in the UDP stack.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel UDP Data-Race Vulnerability in sysctl_udp_l3mdev_accept

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating