Linux Kernel IGMP Sysctl Data-Race Vulnerability

Vulnerability

A data-race vulnerability has been identified in the Linux kernel's IGMP (Internet Group Management Protocol) handling. The issue arises in the sysctl_igmp_llm_reports variable, which can be modified concurrently while being read. This vulnerability affects multiple versions of the Linux kernel that handle IGMP reports. To address this issue, the READ_ONCE() function needs to be added to the variable's readers, ensuring proper synchronization.

Impact

Exploitation of this vulnerability can lead to inconsistent or unexpected behavior in the handling of IGMP reports, potentially causing issues in multicast traffic management.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

5.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

5.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel IGMP Sysctl Data-Race Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating