CVE-2022-49597 – This CVE describes a race condition vulnerabili... (How to Fix)

Q: What is the severity of CVE-2022-49597?

CVE-2022-49597 has a CVSS score of 4.7 (MEDIUM). This CVE describes a race condition vulnerability in the Linux kernel's TCP implementation where concurrent access to the sysctl_tcp_base_mss variable could lead to inconsistent reads. This affects Linux systems using the vulnerable kernel versions and could potentially cause network instability or denial of service. Attackers with local access could exploit this to disrupt TCP connections.

📋 TL;DR

This CVE describes a race condition vulnerability in the Linux kernel's TCP implementation where concurrent access to the sysctl_tcp_base_mss variable could lead to inconsistent reads. This affects Linux systems using the vulnerable kernel versions and could potentially cause network instability or denial of service. Attackers with local access could exploit this to disrupt TCP connections.

💻 Affected Systems

Products:

Linux Kernel

Versions: Specific vulnerable kernel versions referenced in the git commits (exact ranges depend on distribution backports)

Operating Systems: Linux distributions using vulnerable kernel versions

Default Config Vulnerable: ⚠️ Yes

Notes: All Linux systems using the affected kernel code are vulnerable by default. The vulnerability is in core TCP networking code.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local attacker could cause kernel panic or system crash by manipulating the variable during critical operations, leading to denial of service.

🟠

Likely Case

Network instability, TCP connection failures, or performance degradation due to inconsistent Maximum Segment Size values.

🟢

If Mitigated

Minor performance impact or occasional connection issues if exploited with limited access.

🌐 Internet-Facing: LOW - Requires local access to exploit, not directly reachable from internet.

🏢 Internal Only: MEDIUM - Local attackers or malicious processes could exploit this to disrupt network services.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: HIGH

Exploitation requires precise timing and local access. No public exploits known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing the git commits referenced in the CVE

Vendor Advisory: https://git.kernel.org/stable/c/30b73edc1d2459ba2c71cb58fbf84a1a6e640fbf

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution vendor. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Restrict access to sysctl

linux

Limit which users can modify kernel parameters via sysctl

echo 'kernel.sysrq = 0' >> /etc/sysctl.conf
sysctl -p

🧯 If You Can't Patch

Implement strict access controls to prevent unauthorized local users from running code
Monitor system logs for unusual network behavior or kernel warnings

🔍 How to Verify

Check if Vulnerable:

Check kernel version against your distribution's security advisories. Vulnerable if using unpatched kernel with the affected code.

Check Version:

uname -r

Verify Fix Applied:

Check that kernel version matches patched version from vendor advisory and verify no errors in dmesg related to TCP

📡 Detection & Monitoring

Log Indicators:

Kernel panic logs
TCP connection resets in network logs
dmesg warnings about TCP

Network Indicators:

Unexpected TCP connection failures
Network performance degradation

SIEM Query:

source="kernel" AND ("panic" OR "TCP" AND "error")

📊 Metadata

CVE ID: CVE-2022-49597

CVSS v3 Score: 4.7 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-362

EPSS Score: 0.04% exploit probability (12th percentile)

Published: February 26, 2025

Last Updated: October 1, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-49597, you might also want to check these: