CVE-2022-49588
📋 TL;DR
This CVE describes a race condition vulnerability in the Linux kernel's TCP implementation where concurrent access to the sysctl_tcp_migrate_req variable could lead to inconsistent state. It affects Linux systems with vulnerable kernel versions, potentially allowing local attackers to cause denial of service or other undefined behavior. The vulnerability requires local access to the system.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Local attacker could cause kernel panic or system crash leading to denial of service
Likely Case
System instability, connection handling issues, or performance degradation in TCP operations
If Mitigated
Minimal impact with proper access controls limiting local user privileges
🎯 Exploit Status
Exploitation requires local access and precise timing to trigger the race condition. No public exploits have been reported.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patched in stable kernel releases via commits: 4177f545895b1da08447a80692f30617154efa6e, 6e569a11eea20a1ccebc3c4e6366bf0574a449e1, fcf6c6d8aeffebca66f37b17ef1b57112e5e09c1
Vendor Advisory: https://git.kernel.org/stable/c/4177f545895b1da08447a80692f30617154efa6e
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version.
2. Check distribution-specific security advisories.
3. Reboot system after kernel update.
4. Verify kernel version matches patched release.
🔧 Temporary Workarounds
Disable TCP migration feature
Set sysctl_tcp_migrate_req to 0 to disable the vulnerable feature
echo 0 > /proc/sys/net/ipv4/tcp_migrate_req
sysctl -w net.ipv4.tcp_migrate_req=0
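An added example (not from this advisory or the kernel project): a POSIX shell audit that reports whether the workaround above is in effect at runtime and whether a persisted sysctl setting would turn the feature back on at boot, since neither command above survives a reboot. The searched config paths, the variable names and the state tokens it prints are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the net.ipv4.tcp_migrate_req workaround.
# PROC_FILE and CONF_PATHS are this example's own variables (overridable for testing).
# The /proc value is the one seen by the network namespace the script runs in.
PROC_FILE="${PROC_FILE:-/proc/sys/net/ipv4/tcp_migrate_req}"
CONF_PATHS="${CONF_PATHS:-/etc/sysctl.conf /etc/sysctl.d /run/sysctl.d /usr/lib/sysctl.d}"

# Print the runtime value, or "absent" when the sysctl is not exposed here.
runtime_value() {
    if [ -r "$PROC_FILE" ]; then
        tr -d '[:space:]' < "$PROC_FILE"
    else
        echo absent
    fi
}

# Succeed if any uncommented config line sets tcp_migrate_req to a non-zero value.
# Accepts both "net.ipv4.x" and "net/ipv4/x" key spellings.
persisted_enabled() {
    for path in $CONF_PATHS; do
        [ -e "$path" ] || continue
        grep -rhE '^[[:space:]]*net[./]ipv4[./]tcp_migrate_req[[:space:]]*=' \
            "$path" 2>/dev/null || :
    done | sed 's/^[^=]*=[[:space:]]*//; s/[[:space:]]*$//' | grep -qv '^0$'
}

# Print one state token:
#   not-applicable     sysctl not exposed on this system
#   feature-enabled    runtime value is non-zero, workaround not applied
#   reverts-on-reboot  runtime value is 0 but a config file re-enables it
#   workaround-active  runtime value is 0 and no config file re-enables it
audit_tcp_migrate_req() {
    case "$(runtime_value)" in
        absent) echo not-applicable ;;
        0)
            if persisted_enabled; then
                echo reverts-on-reboot
            else
                echo workaround-active
            fi ;;
        *) echo feature-enabled ;;
    esac
}

audit_tcp_migrate_req
```

A `reverts-on-reboot` result means a file under the searched paths still sets a non-zero value; correct that file so the setting stays at 0 after the next boot.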
🧯 If You Can't Patch
- Implement strict access controls to limit local user privileges
- Monitor system logs for kernel panics or TCP connection anomalies
🔍 How to Verify
Check if Vulnerable:
Check kernel version against distribution security advisories. Vulnerable if using unpatched kernel with TCP migration enabled.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version matches patched release and check that sysctl_tcp_migrate_req has proper synchronization
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- TCP connection failures
- System instability reports
Network Indicators:
- Abnormal TCP connection behavior
- Connection migration failures
SIEM Query:
source="kernel" AND ("panic" OR "oops" OR "TCP migration")