CVE-2022-49631

4.7 MEDIUM

📋 TL;DR

This CVE describes a race condition vulnerability in the Linux kernel's raw socket handling. When multiple processes read the sysctl_raw_l3mdev_accept system control variable concurrently while it's being modified, inconsistent values may be read, potentially leading to incorrect network packet handling decisions. This affects Linux systems with raw socket functionality enabled.
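A simplified user-space model of the lockless read described above and of the packet-matching decision it feeds. This is an added example, not kernel source and not part of the advisory. The struct and function names, the READ_ONCE stand-in and the interface indexes are assumptions of this example; the 'after' reader shows the usual READ_ONCE() annotation for this class of data race.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space stand-in for the kernel macro (assumption of this example):
 * force a single load the compiler may not tear, repeat or cache. */
#define READ_ONCE(x) (*(const volatile __typeof__(x) *)&(x))

/* Stand-in for the per-namespace value behind net.ipv4.raw_l3mdev_accept. */
struct model_netns { int sysctl_raw_l3mdev_accept; };

/* Decision the flag feeds: may a raw socket bound to bound_dev_if receive a
 * packet that arrived on dif, where sdif is the L3 master (VRF) index or 0? */
static bool model_bound_dev_eq(bool l3mdev_accept, int bound_dev_if,
                               int dif, int sdif)
{
    if (!bound_dev_if)                  /* unbound ("global") socket */
        return !sdif || l3mdev_accept;
    return bound_dev_if == dif || bound_dev_if == sdif;
}

/* 'Before' shape: plain load of a value a sysctl writer may be changing. */
static bool raw_match_plain(struct model_netns *net, int bound, int dif, int sdif)
{
    return model_bound_dev_eq(!!net->sysctl_raw_l3mdev_accept, bound, dif, sdif);
}

/* 'After' shape: the lockless reader is annotated with READ_ONCE(). */
static bool raw_match_once(struct model_netns *net, int bound, int dif, int sdif)
{
    return model_bound_dev_eq(READ_ONCE(net->sysctl_raw_l3mdev_accept),
                              bound, dif, sdif);
}

int main(void)
{
    struct model_netns net = { .sysctl_raw_l3mdev_accept = 1 };
    /* Constructed case: unbound socket, packet on ifindex 4 enslaved to VRF 9. */
    printf("accept=1, unbound   -> %d\n", raw_match_once(&net, 0, 4, 9));
    net.sysctl_raw_l3mdev_accept = 0;
    printf("accept=0, unbound   -> %d\n", raw_match_plain(&net, 0, 4, 9));
    printf("accept=0, bound VRF -> %d\n", raw_match_once(&net, 9, 4, 9));
    return 0;
}
```

In this model the flag only changes the answer for unbound sockets receiving packets from an L3 master domain; sockets bound to a device are matched the same way whatever its value.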

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not explicitly stated in CVE; typically affects multiple stable kernel versions before the fix commits
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires raw socket functionality; impact depends on system configuration and whether raw sockets are in use

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could potentially manipulate raw socket behavior to bypass network security controls, intercept or modify network traffic, or cause denial of service by exploiting inconsistent kernel state.

🟠 Likely Case

Most exploitation would result in unpredictable network behavior, potential packet loss, or minor system instability rather than full system compromise.

🟢 If Mitigated

With proper kernel hardening and network segmentation, impact would be limited to potential minor performance issues or localized network anomalies.

🌐 Internet-Facing: LOW - This requires local access or ability to execute code on the system; not directly exploitable from remote networks.
🏢 Internal Only: MEDIUM - Local attackers or compromised processes could potentially exploit this to affect network operations on the host.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: HIGH - Requires precise timing and local access to trigger race condition

Race conditions are difficult to reliably exploit; this is more likely to cause instability than direct compromise

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits referenced in CVE (038a87b3e460d2ee579c8b1bd3890d816d6687b1 and others)

Vendor Advisory: https://git.kernel.org/stable/c/038a87b3e460d2ee579c8b1bd3890d816d6687b1

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing fix commits
2. Check distribution-specific security advisories
3. Reboot system to load new kernel

🔧 Temporary Workarounds

Disable raw socket functionality

linux

Prevent use of raw sockets which reduces attack surface

echo 0 > /proc/sys/net/ipv4/raw_l3mdev_accept
sysctl -w net.ipv4.raw_l3mdev_accept=0

🧯 If You Can't Patch

  • Implement strict access controls to prevent unauthorized local users from executing code
  • Monitor system for unusual network behavior or kernel panics

🔍 How to Verify

Check if Vulnerable:

Check kernel version and compare with distribution security advisories; examine if raw socket functionality is enabled

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits; check that sysctl_raw_l3mdev_accept is properly synchronized

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages
  • Network subsystem errors in dmesg
  • Unexpected raw socket activity

Network Indicators:

  • Unusual raw socket traffic patterns
  • Packet handling anomalies

SIEM Query:

source="kernel" AND ("raw_l3mdev" OR "race condition" OR "synchronization")
