CVE-2022-49593
📋 TL;DR
This CVE describes a race condition vulnerability in the Linux kernel's TCP implementation where the sysctl_tcp_probe_interval variable can be read while being modified concurrently. This could lead to inconsistent or incorrect TCP probe timing behavior. It affects Linux systems with vulnerable kernel versions.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Inconsistent TCP probe timing could potentially cause network instability, connection timeouts, or degraded network performance in specific configurations.
Likely Case
Minimal to no practical impact in most environments as this is a low-severity race condition affecting a specific TCP timing parameter.
If Mitigated
No impact if patched or if the affected TCP probe functionality is not being used.
🎯 Exploit Status
This is a race condition requiring precise timing and specific conditions to trigger any observable effect.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions with the git commits referenced in the CVE description
Vendor Advisory: https://git.kernel.org/stable/c/2a85388f1d94a9f8b5a529118a2c5eaa0520d85c
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution's repositories. 2. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable TCP probe functionality
linuxSet sysctl_tcp_probe_interval to 0 to disable TCP probe timing
sysctl -w net.ipv4.tcp_probe_interval=0
🧯 If You Can't Patch
- Monitor systems for network instability or TCP connection issues
- Consider implementing network segmentation to limit blast radius
🔍 How to Verify
Check if Vulnerable:
Check kernel version and compare with distribution's security advisories for affected versionsCheck Version:
uname -rVerify Fix Applied:
Verify kernel version after update matches patched version from vendor advisory📡 Detection & Monitoring
Log Indicators:
- Kernel logs showing TCP probe timing anomalies or network stack warnings
Network Indicators:
- Unexpected TCP connection timeouts or retransmissions
SIEM Query:
Search for kernel version strings matching vulnerable versions in system inventory data🔗 References
- https://git.kernel.org/stable/c/2a85388f1d94a9f8b5a529118a2c5eaa0520d85c
- https://git.kernel.org/stable/c/73a11588751a2c13f25d9da8117efc9a79b1843f
- https://git.kernel.org/stable/c/80dabd089086e6553b7acfcff2ec223bdada87a1
- https://git.kernel.org/stable/c/b14cc8afbbcbc6dce4797913c0b85266b897f541
- https://git.kernel.org/stable/c/b3798d3519eda9c409bb0815b0102f27ec42468d
- https://git.kernel.org/stable/c/c61aede097d350d890fa1edc9521b0072e14a0b8
- https://git.kernel.org/stable/c/e6b6f027e2854a51f345a5e3e808d7a88001d4f8
