Login Sign Up

CVE-2022-49640

4.7 MEDIUM

📋 TL;DR

This CVE describes a data race vulnerability in the Linux kernel's sysctl subsystem, specifically in the proc_douintvec_minmax() function. Concurrent access to sysctl variables could lead to inconsistent or corrupted values being read or written. This affects all Linux systems using vulnerable kernel versions.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific vulnerable versions not explicitly listed in CVE, but patches exist for multiple stable branches
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: All Linux systems with concurrent sysctl access are potentially vulnerable. The vulnerability is in core kernel functionality.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

System instability, kernel panic, or privilege escalation if race conditions manipulate critical kernel parameters during concurrent access.

🟠

Likely Case

Inconsistent system behavior, incorrect parameter values, or minor system instability when multiple processes access sysctl variables simultaneously.

🟢

If Mitigated

No impact if proper kernel protections are in place or if concurrent sysctl access is avoided.

🌐 Internet-Facing: LOW - This requires local access to the system and concurrent sysctl operations.
🏢 Internal Only: MEDIUM - Internal users or processes with sysctl access could trigger the race condition.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH - Requires precise timing and concurrent sysctl operations

Exploitation requires local access and concurrent sysctl variable manipulation with specific timing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Multiple stable kernel versions with fixes: 2d3b559df3ed, 40e0477a7371, b60eddf98b97, e3a2144b3b6b

Vendor Advisory: https://git.kernel.org/stable/c/2d3b559df3ed39258737789aae2ae7973d205bc1

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version. 2. Check distribution-specific security advisories. 3. Reboot system after kernel update.

🔧 Temporary Workarounds

Restrict sysctl access

linux

Limit which users and processes can access sysctl variables to reduce concurrent access opportunities

chmod 600 /proc/sys/*
set kernel.sysctl_writes_strict = 1 in /etc/sysctl.conf

🧯 If You Can't Patch

  • Implement strict access controls on /proc/sys directory
  • Monitor for unusual sysctl modifications and concurrent access patterns

🔍 How to Verify

Check if Vulnerable:

Check kernel version and compare against patched versions in git commits. Vulnerable if using unpatched kernel with concurrent sysctl access.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes one of the fix commits: 2d3b559df3ed, 40e0477a7371, b60eddf98b97, or e3a2144b3b6b

📡 Detection & Monitoring

Log Indicators:

  • Multiple concurrent sysctl modifications in kernel logs
  • Unexpected system parameter changes

Network Indicators:

  • None - this is a local kernel vulnerability

SIEM Query:

Search for multiple sysctl write operations from different processes within short time windows

📊 Metadata

CVE ID: CVE-2022-49640
CVSS v3 Score: 4.7 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-362
EPSS Score: 0.03% exploit probability (7.5th percentile)
Published: February 26, 2025
Last Updated: October 1, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-49640, you might also want to check these:

CVE-2025-43275 9.8

A race condition vulnerability in macOS allows malicious applications to escape their sandbox restri...

Same vulnerability type (CWE-362)
CVE-2021-32810 9.8

A race condition in crossbeam-deque Rust library versions before 0.7.4 and 0.8.0 allows tasks in wor...

Same vulnerability type (CWE-362)
CVE-2025-30444 9.8

A race condition vulnerability in macOS SMB client allows attackers to cause system termination (ker...

Same vulnerability type (CWE-362)