CVE-2022-49575
📋 TL;DR
This CVE describes a race condition vulnerability in the Linux kernel's TCP implementation where concurrent reading and writing of the sysctl_tcp_thin_linear_timeouts variable could lead to inconsistent behavior. It affects Linux systems with vulnerable kernel versions. The vulnerability could potentially cause unexpected TCP connection behavior or denial of service.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Unstable TCP connections leading to denial of service or unexpected network behavior affecting critical services
Likely Case
Intermittent TCP connection issues or performance degradation under specific timing conditions
If Mitigated
Minimal impact with proper kernel patching and system monitoring
🎯 Exploit Status
Race condition vulnerabilities are difficult to reliably exploit in real-world scenarios
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions with commits: 404c53ccdebd11f96954f4070cffac8e0b4d5cb6, 492f3713b282c0e67e951cd804edd22eccc25412, 7c6f2a86ca590d5187a073d987e9599985fb1c7c, a0f96c4f179cb3560078cefccef105e8f1701210, cc133e4f4bc225079198192623945bb872c08143
Vendor Advisory: https://git.kernel.org/stable/c/
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version
2. Reboot system
3. Verify kernel version after reboot
🔧 Temporary Workarounds
Disable thin linear timeouts
Temporarily disable the vulnerable feature by setting sysctl_tcp_thin_linear_timeouts to 0
sysctl -w net.ipv4.tcp_thin_linear_timeouts=0
echo 'net.ipv4.tcp_thin_linear_timeouts = 0' >> /etc/sysctl.conf
sysctl -p
🧯 If You Can't Patch
- Implement the sysctl workaround to disable thin linear timeouts
- Monitor system logs for TCP connection anomalies and implement network segmentation
🔍 How to Verify
Check if Vulnerable:
Check kernel version against vulnerable versions in git commits
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version matches patched versions and check sysctl_tcp_thin_linear_timeouts value
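A check for the workaround and verification steps above, as an added example that is not part of the original advisory: it reports whether the setting is 0 at runtime and whether the last assignment in /etc/sysctl.conf keeps it at 0 across a reboot. The optional root-directory argument and the status words are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the tcp_thin_linear_timeouts workaround.
# Each function takes an optional root directory (hypothetical parameter,
# default "/") so a mounted image or a constructed tree can be checked.

KEY="net.ipv4.tcp_thin_linear_timeouts"

# Runtime value as the kernel currently exposes it (empty if unreadable).
runtime_value() {
    root="${1:-/}"
    f="${root%/}/proc/sys/net/ipv4/tcp_thin_linear_timeouts"
    [ -r "$f" ] || return 0
    tr -d '[:space:]' < "$f"
}

# Last assignment of KEY in sysctl.conf. sysctl -p applies lines in
# order, so the last one wins; comment lines (# or ;) are skipped.
persisted_value() {
    root="${1:-/}"
    f="${root%/}/etc/sysctl.conf"
    [ -r "$f" ] || return 0
    awk -v key="$KEY" '
        /^[ \t]*[#;]/ { next }
        {
            line = $0
            gsub(/[ \t]/, "", line)
            n = index(line, "=")
            if (n && substr(line, 1, n - 1) == key) val = substr(line, n + 1)
        }
        END { if (val != "") print val }
    ' "$f"
}

# Prints one status word:
#   applied       runtime 0 and persisted 0
#   runtime-only  runtime 0, not persisted as 0 (not enforced after reboot)
#   pending       persisted 0, runtime still non-zero (run sysctl -p)
#   not-applied   neither
workaround_status() {
    r=$(runtime_value "$1")
    p=$(persisted_value "$1")
    if [ "$r" = "0" ] && [ "$p" = "0" ]; then echo applied
    elif [ "$r" = "0" ]; then echo runtime-only
    elif [ "$p" = "0" ]; then echo pending
    else echo not-applied
    fi
}
```

Call `workaround_status` with no argument to audit the running host. The kernel default for this setting is 0, so `runtime-only` is the expected result on a host where the value was never written to /etc/sysctl.conf.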
📡 Detection & Monitoring
Log Indicators:
- TCP connection timeouts
- Unexpected TCP state changes
- Kernel panic or oops messages
Network Indicators:
- Unusual TCP retransmission patterns
- Connection instability
SIEM Query:
source="kernel" AND ("TCP" OR "timeout") AND severity>=WARNING
🔗 References
- https://git.kernel.org/stable/c/404c53ccdebd11f96954f4070cffac8e0b4d5cb6
- https://git.kernel.org/stable/c/492f3713b282c0e67e951cd804edd22eccc25412
- https://git.kernel.org/stable/c/7c6f2a86ca590d5187a073d987e9599985fb1c7c
- https://git.kernel.org/stable/c/a0f96c4f179cb3560078cefccef105e8f1701210
- https://git.kernel.org/stable/c/cc133e4f4bc225079198192623945bb872c08143
- https://git.kernel.org/stable/c/f4b0295be9a3c4260de4585fac4062e602a88ac7