CVE-2022-49669 – A use-after-free vulnerability in the Linux ker... (How to Fix)

Q: What is the severity of CVE-2022-49669?

CVE-2022-49669 has a CVSS score of 7.8 (HIGH). A use-after-free vulnerability in the Linux kernel's MPTCP implementation allows attackers to potentially crash systems or execute arbitrary code. This affects Linux systems with MPTCP enabled, particularly those running vulnerable kernel versions. The vulnerability occurs when a listener socket closes while MPTCP subflows are still pending acceptance.

📋 TL;DR

A use-after-free vulnerability in the Linux kernel's MPTCP implementation allows attackers to potentially crash systems or execute arbitrary code. This affects Linux systems with MPTCP enabled, particularly those running vulnerable kernel versions. The vulnerability occurs when a listener socket closes while MPTCP subflows are still pending acceptance.

💻 Affected Systems

Products:

Linux kernel

Versions: Linux kernel versions before the fix commits (specific versions vary by distribution)

Operating Systems: Linux distributions with vulnerable kernel versions

Default Config Vulnerable: ✅ No

Notes: Only vulnerable if MPTCP (Multipath TCP) is enabled in the kernel configuration. Most distributions don't enable MPTCP by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash or potential privilege escalation to kernel-level code execution, allowing complete system compromise.

🟠

Likely Case

System crash or denial of service due to kernel panic when the race condition is triggered, requiring system reboot.

🟢

If Mitigated

No impact if MPTCP is disabled or systems are patched; otherwise, system instability under specific network conditions.

🌐 Internet-Facing: MEDIUM - Requires MPTCP to be enabled and specific network conditions, but could be triggered remotely if MPTCP is exposed.

🏢 Internal Only: MEDIUM - Internal systems with MPTCP enabled could be vulnerable to local or network-based attacks within the environment.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires triggering a specific race condition during MPTCP socket cleanup. Likely requires local access or network access to MPTCP services.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel with commits 6aeed9045071f2252ff4e98fc13d1e304f33e5b0 and a8a3e95c74e48c2c9b07b81fafda9122993f2e12

Vendor Advisory: https://git.kernel.org/stable/c/6aeed9045071f2252ff4e98fc13d1e304f33e5b0

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits. 2. For distributions: Use package manager (apt/yum/dnf) to update kernel package. 3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable MPTCP

Linux

Disable Multipath TCP functionality if not required

sysctl -w net.mptcp.enabled=0
Add 'net.mptcp.enabled=0' to /etc/sysctl.conf

🧯 If You Can't Patch

Disable MPTCP using sysctl commands
Restrict network access to systems with MPTCP enabled

🔍 How to Verify

Check if Vulnerable:

Check if MPTCP is enabled: sysctl net.mptcp.enabled. Check kernel version against distribution security advisories.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits. Check syslog for kernel oops messages related to MPTCP.

📡 Detection & Monitoring

Log Indicators:

Kernel oops messages in /var/log/kern.log or dmesg
System crashes or reboots

Network Indicators:

Unexpected MPTCP connection failures
Network service disruptions

SIEM Query:

source="kernel" AND ("MPTCP" OR "use-after-free" OR "general protection fault")

📊 Metadata

CVE ID: CVE-2022-49669

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-416

EPSS Score: 0.04% exploit probability (11.8th percentile)

Published: February 26, 2025

Last Updated: March 24, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-49669, you might also want to check these: