Description
In the Linux kernel, the following vulnerability has been resolved: dccp: fix data-race around dp->dccps_mss_cache dccp_sendmsg() reads dp->dccps_mss_cache before locking the socket. Same thing in do_dccp_getsockopt(). Add READ_ONCE()/WRITE_ONCE() annotations, and change dccp_sendmsg() to check again dccps_mss_cache after socket is locked.
Product status
7c657876b63cb1d8a2ec06f8fc6c37bb8412e66c (git) before 162fa1e3cfb62aa780d7c40c8cccb6c2f8bef7c1
7c657876b63cb1d8a2ec06f8fc6c37bb8412e66c (git) before 2bdc7f272b3a110a4e1fdee6c47c8d20f9b20817
7c657876b63cb1d8a2ec06f8fc6c37bb8412e66c (git) before 67eebc7a9217f999b779d46fba5312a716f0dc1d
7c657876b63cb1d8a2ec06f8fc6c37bb8412e66c (git) before 6d701c95ee6463abcbb6da543060d6e444554135
7c657876b63cb1d8a2ec06f8fc6c37bb8412e66c (git) before f239c9e1d98b313435481b4926e8bdd06197e4d8
7c657876b63cb1d8a2ec06f8fc6c37bb8412e66c (git) before a6ddc1c774874dc704f96a99d015dc759627bba7
7c657876b63cb1d8a2ec06f8fc6c37bb8412e66c (git) before d1f38d313bdfc52fb2f662e66d0c60dd1cfe2384
7c657876b63cb1d8a2ec06f8fc6c37bb8412e66c (git) before a47e598fbd8617967e49d85c49c22f9fc642704c
2.6.14
Any version before 2.6.14
4.14.323 (semver)
4.19.292 (semver)
5.4.254 (semver)
5.10.191 (semver)
5.15.127 (semver)
6.1.46 (semver)
6.4.11 (semver)
6.5 (original_commit_for_fix)
References
git.kernel.org/...c/162fa1e3cfb62aa780d7c40c8cccb6c2f8bef7c1
git.kernel.org/...c/2bdc7f272b3a110a4e1fdee6c47c8d20f9b20817
git.kernel.org/...c/67eebc7a9217f999b779d46fba5312a716f0dc1d
git.kernel.org/...c/6d701c95ee6463abcbb6da543060d6e444554135
git.kernel.org/...c/f239c9e1d98b313435481b4926e8bdd06197e4d8
git.kernel.org/...c/a6ddc1c774874dc704f96a99d015dc759627bba7
git.kernel.org/...c/d1f38d313bdfc52fb2f662e66d0c60dd1cfe2384
git.kernel.org/...c/a47e598fbd8617967e49d85c49c22f9fc642704c
