CVE-2022-49573

4.7 MEDIUM

📋 TL;DR

This CVE describes a race condition vulnerability in the Linux kernel's TCP implementation where the sysctl_tcp_early_retrans variable can be read while being modified concurrently, potentially causing inconsistent behavior. This affects all Linux systems using vulnerable kernel versions. The vulnerability could lead to unexpected TCP retransmission behavior.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions without the fixes in the referenced git commits (exact ranges must be checked against the linked commits)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: All Linux systems using the affected kernel versions are vulnerable regardless of configuration.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Inconsistent TCP retransmission behavior causing connection instability, performance degradation, or denial of service in network-dependent applications.

🟠

Likely Case

Minor performance impact or occasional connection issues due to inconsistent TCP retransmission timing.

🟢

If Mitigated

No impact when proper kernel patches are applied or when systems are not under heavy concurrent network configuration changes.

🌐 Internet-Facing: LOW - This is a kernel-level race condition that requires local access or specific conditions to trigger, not directly exploitable over the network.
🏢 Internal Only: LOW - Requires local access to modify sysctl parameters while they're being read, which is typically restricted to privileged users.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: HIGH

This is a race condition requiring precise timing and local access. No known exploits in the wild.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing the fixes from the provided git commits

Vendor Advisory: https://git.kernel.org/stable/c/11e8b013d16e5db63f8f76acceb5b86964098aaa

Restart Required: Yes

Instructions:

1. Update to a patched kernel version from your distribution's repositories.
2. Reboot the system to load the new kernel.

🔧 Temporary Workarounds

Restrict sysctl access

linux

Limit access to sysctl parameters to prevent concurrent modification

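# 0644 is already the default mode of this entry (writable by root only)
chmod 644 /proc/sys/net/ipv4/tcp_early_retrans
# kernel.sysrq controls the magic SysRq key; it does not affect tcp_early_retrans
echo 'kernel.sysrq = 0' >> /etc/sysctl.conf
sysctl -p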

🧯 If You Can't Patch

  • Restrict access to sysctl parameters to root only
  • Monitor system logs for unusual TCP behavior and implement network monitoring

🔍 How to Verify

Check if Vulnerable:

Check kernel version against affected ranges: uname -r

Check Version:

uname -r

Verify Fix Applied:

Verify that the kernel version is updated to a patched version and check that the git commit history includes the fix

📡 Detection & Monitoring

Log Indicators:

  • Kernel logs showing TCP retransmission anomalies
  • System logs with network stack errors

Network Indicators:

  • Unusual TCP retransmission patterns
  • Connection instability in network monitoring

SIEM Query:

source="kernel" AND ("TCP" AND "retrans" OR "early_retrans")
