CVE-2022-49579
📋 TL;DR
This CVE describes a race condition vulnerability in the Linux kernel's IPv4 multipath routing hash policy implementation. Attackers could potentially manipulate network routing decisions by exploiting concurrent access to the sysctl_fib_multipath_hash_policy variable. This affects Linux systems with multipath routing enabled.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
An attacker could manipulate network routing decisions to cause traffic interception, man-in-the-middle attacks, or network disruption by forcing packets through specific paths.
Likely Case
Limited impact due to the race condition nature; most likely would cause inconsistent routing behavior rather than direct exploitation.
If Mitigated
With proper kernel patching, the race condition is eliminated through proper synchronization using READ_ONCE() operations.
🎯 Exploit Status
Race conditions are difficult to reliably exploit and require specific timing conditions.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions with commits 21fb844bc1dc, 7998c12a08c9, or 918ee6592ab9
Vendor Advisory: https://git.kernel.org/stable/c/21fb844bc1dc1461f5038d655aa1a14f39e13049
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version. 2. Reboot system to load new kernel. 3. Verify kernel version with 'uname -r'.
🔧 Temporary Workarounds
Disable multipath routing
linuxDisable IPv4 multipath routing if not required
sysctl -w net.ipv4.fib_multipath_hash_policy=0
echo 0 > /proc/sys/net/ipv4/fib_multipath_hash_policy
🧯 If You Can't Patch
- Disable multipath routing functionality
- Restrict local user access to systems with multipath routing enabled
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if multipath routing is enabled: 'sysctl net.ipv4.fib_multipath_hash_policy'Check Version:
uname -rVerify Fix Applied:
Verify kernel version is patched and check kernel source for READ_ONCE() usage in fib_multipath_hash_policy readers📡 Detection & Monitoring
Log Indicators:
- Kernel logs showing routing anomalies
- Unexpected changes in network traffic patterns
Network Indicators:
- Abnormal routing behavior
- Traffic taking unexpected network paths
SIEM Query:
Search for kernel logs containing 'multipath' or routing errors