How severe is CVE-2022-46174?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.2 out of 10.

What type of vulnerability is CVE-2022-46174?

This is classified as CWE-362, which is a common weakness in software security.

CVE-2022-46174

MEDIUM Year: 2022

CVSS v3 Score

4.2

Medium

Weakness Type

CWE-362

View all →

Vulnerability Description

efs-utils is a set of Utilities for Amazon Elastic File System (EFS). A potential race condition issue exists within the Amazon EFS mount helper in efs-utils versions v1.34.3 and below. When using TLS to mount file systems, the mount helper allocates a local port for stunnel to receive NFS connections prior to applying the TLS tunnel. In affected versions, concurrent mount operations can allocate the same local port, leading to either failed mount operations or an inappropriate mapping from an EFS customer’s local mount points to that customer’s EFS file systems. This issue is patched in version v1.34.4. There is no recommended work around. We recommend affected users update the installed version of efs-utils to v1.34.4 or later.

CVE-2019-19537

MEDIUM

CVSS:4.2(Medium)

In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/c...

CWE-3622019

CVE-2020-10575

MEDIUM

CVSS:4.2(Medium)

An issue was discovered in Janus through 0.9.1. plugins/janus_videocall.c in the VideoCall plugin mishandles session management because a race condition causes some references to be freed too early or...

CWE-3622020

CVE-2020-14416

MEDIUM

CVSS:4.2(Medium)

In the Linux kernel before 5.4.16, a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip...

CWE-3622020

CVE-2022-41848

MEDIUM

CVSS:4.2(Medium)

drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, ...

CWE-3622022

CVE-2022-41849

MEDIUM

CVSS:4.2(Medium)

drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a ...

CWE-3622022

CVE-2024-24254

MEDIUM

CVSS:4.2(Medium)

PX4 Autopilot 1.14 and earlier, due to the lack of synchronization mechanism for loading geofence data, has a Race Condition vulnerability in the geofence.cpp and mission_feasibility_checker.cpp. This...

CWE-3622024

CVE-2022-46174

Vulnerability Description

Related Vulnerabilities

CVE-2019-19537

CVE-2020-10575

CVE-2020-14416

CVE-2022-41848

CVE-2022-41849

CVE-2024-24254