CVE-2022-49018: Vulnerability in the Linux kernel
In the Linux kernel, the following vulnerability has been resolved:

mptcp: fix sleep in atomic at close time

Matt reported a splat at msk close time:

BUG: sleeping function called from invalid context at net/mptcp/protocol.c:2877
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 155, name: packetdrill
preempt_count: 201, expected: 0
RCU nest depth: 0, expected: 0
4 locks held by packetdrill/155:
 #0: ffff888001536990 (&sb->s_type->i_mutex_key#6){+.+.}-{3:3}, at: __sock_release (net/socket.c:650)
 #1: ffff88800b498130 (sk_lock-AF_INET){+.+.}-{0:0}, at: mptcp_close (net/mptcp/protocol.c:2973)
 #2: ffff88800b49a130 (sk_lock-AF_INET/1){+.+.}-{0:0}, at: __mptcp_close_ssk (net/mptcp/protocol.c:2363)
 #3: ffff88800b49a0b0 (slock-AF_INET){+...}-{2:2}, at: __lock_sock_fast (include/net/sock.h:1820)
Preemption disabled at: 0x0
CPU: 1 PID: 155 Comm: packetdrill Not tainted 6.1.0-rc5 #365
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
Call Trace:
 <TASK>
 dump_stack_lvl (lib/dump_stack.c:107 (discriminator 4))
 __might_resched.cold (kernel/sched/core.c:9891)
 __mptcp_destroy_sock (include/linux/kernel.h:110)
 __mptcp_close (net/mptcp/protocol.c:2959)
 mptcp_subflow_queue_clean (include/net/sock.h:1777)
 __mptcp_close_ssk (net/mptcp/protocol.c:2363)
 mptcp_destroy_common (net/mptcp/protocol.c:3170)
 mptcp_destroy (include/net/sock.h:1495)
 __mptcp_destroy_sock (net/mptcp/protocol.c:2886)
 __mptcp_close (net/mptcp/protocol.c:2959)
 mptcp_close (net/mptcp/protocol.c:2974)
 inet_release (net/ipv4/af_inet.c:432)
 __sock_release (net/socket.c:651)
 sock_close (net/socket.c:1367)
 __fput (fs/file_table.c:320)
 task_work_run (kernel/task_work.c:181 (discriminator 1))
 exit_to_user_mode_prepare (include/linux/resume_user_mode.h:49)
 syscall_exit_to_user_mode (kernel/entry/common.c:130)
 do_syscall_64 (arch/x86/entry/common.c:87)
 entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)

We can't call mptcp_close under the 'fast' socket lock variant, replace it with a sock_lock_nested() as the relevant code is already under the listening msk socket lock protection.
AI Analysis
Technical Summary
CVE-2022-49018 is a vulnerability in the Linux kernel's Multipath TCP (MPTCP) implementation. The issue arises from improper locking during socket closure, specifically on the path that calls the mptcp_close function. It manifests as a kernel BUG triggered by a sleeping function being called from atomic context, which is invalid and leads to kernel instability or crashes. The root cause is the use of the 'fast' socket lock variant (__lock_sock_fast, which holds the socket spinlock and therefore disables preemption) in a code path that may sleep, violating kernel locking rules. This was observed as a splat (a kernel BUG report that can crash or destabilize the system) during the close of an MPTCP socket, with four locks held simultaneously, indicating a complex locking scenario. The fix replaces the fast socket lock with the nested socket lock (sock_lock_nested), which is permitted to sleep, so that the close path no longer sleeps in atomic context. The affected Linux kernel versions are identified by commit hashes, and the bug sits in the network subsystem handling MPTCP connections. Although no known exploits are reported in the wild, the bug can cause denial of service (DoS) by crashing or destabilizing the kernel when MPTCP sockets are closed under these conditions. Triggering it requires the ability to open and close MPTCP sockets under specific conditions; no elevated privileges are implied by the report.
Potential Impact
For European organizations, this vulnerability poses a risk primarily to servers and network infrastructure running vulnerable Linux kernel versions with MPTCP enabled. The impact is mainly a denial of service, as exploitation causes kernel crashes or instability, potentially leading to system reboots or downtime. This can disrupt critical services, especially in data centers, cloud environments, and telecom infrastructure that rely on Linux servers for networking. Confidentiality and integrity are less likely to be directly impacted since the vulnerability does not appear to allow privilege escalation or code execution. However, availability degradation can affect business continuity, particularly for organizations using MPTCP for enhanced network performance or redundancy. Given the increasing adoption of Linux in European enterprises and public sector infrastructure, the vulnerability could impact sectors such as finance, healthcare, telecommunications, and government services. The absence of known exploits reduces immediate risk, but unpatched systems remain vulnerable to accidental crashes or targeted DoS attempts.
Mitigation Recommendations
European organizations should take the following specific actions:
1) Identify Linux systems running kernel versions affected by this vulnerability, focusing on those with MPTCP enabled or in use.
2) Apply the official Linux kernel patches or upgrade to a kernel version where this issue is resolved, as indicated by the commit fixing the locking in the mptcp_close path.
3) If immediate patching is not feasible, consider disabling MPTCP functionality temporarily to reduce the risk of triggering the bug.
4) Monitor system logs for kernel BUG messages ("sleeping function called from invalid context") or crashes related to MPTCP socket operations to detect potential exploitation or accidental triggers.
5) Implement robust kernel crash recovery and system monitoring to minimize downtime in case of incidents.
6) Coordinate with Linux distribution vendors for timely security updates and advisories.
7) For critical infrastructure, conduct controlled testing of kernel updates to ensure stability and compatibility before deployment.
These steps go beyond generic advice by focusing on MPTCP usage and kernel-level patching strategies.
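As an added example supporting recommendation 4 (this is not code from the advisory or from the kernel), a small parser for the lockdep splat quoted in the description: it reads the "locks held" block, identifies the held spinlock that made the context atomic, and flags the MPTCP-under-__lock_sock_fast pattern. The sample log text is constructed from the advisory's splat; LD_WAIT_SPIN (2) refers to lockdep's wait-type encoding printed in the {inner:outer} field.

```python
import re

# Constructed sample: the splat quoted in the advisory, one line per kernel log line
SAMPLE_DMESG = """\
BUG: sleeping function called from invalid context at net/mptcp/protocol.c:2877
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 155, name: packetdrill
4 locks held by packetdrill/155:
 #0: ffff888001536990 (&sb->s_type->i_mutex_key#6){+.+.}-{3:3}, at: __sock_release (net/socket.c:650)
 #1: ffff88800b498130 (sk_lock-AF_INET){+.+.}-{0:0}, at: mptcp_close (net/mptcp/protocol.c:2973)
 #2: ffff88800b49a130 (sk_lock-AF_INET/1){+.+.}-{0:0}, at: __mptcp_close_ssk (net/mptcp/protocol.c:2363)
 #3: ffff88800b49a0b0 (slock-AF_INET){+...}-{2:2}, at: __lock_sock_fast (include/net/sock.h:1820)
Call Trace:
 __might_resched.cold (kernel/sched/core.c:9891)
 mptcp_close (net/mptcp/protocol.c:2974)
"""

BUG_RE = re.compile(r"BUG: sleeping function called from invalid context at (\S+)")
ATOMIC_RE = re.compile(r"in_atomic\(\): (\d)")
# lockdep prints a held lock as "#N: addr (name){usage}-{inner:outer}, at: func (file:line)";
# inner/outer are lockdep wait types, and LD_WAIT_SPIN (2) marks a spinlock.
LOCK_RE = re.compile(r"#(\d+): \w+ \((.+?)\)\{[^}]*\}-\{(\d+):\d+\}, at: (\S+) \((\S+)\)")
LD_WAIT_SPIN = 2

def parse_splat(text):
    """Parse a sleeping-in-atomic splat; return None when no BUG line is present."""
    m = BUG_RE.search(text)
    if not m:
        return None
    atomic = ATOMIC_RE.search(text)
    locks = [{"name": name, "wait_type": int(wt), "at": func, "src": src}
             for _, name, wt, func, src in LOCK_RE.findall(text)]
    return {"sleeper_at": m.group(1),
            "in_atomic": bool(atomic and atomic.group(1) == "1"),
            "locks": locks}

def atomic_culprits(splat):
    """Held spinlocks are what make the context atomic, so they are the locks to inspect."""
    return [lk for lk in splat["locks"] if lk["wait_type"] == LD_WAIT_SPIN]

def is_mptcp_fast_lock_splat(splat):
    """True when the sleeper sits in net/mptcp/ and a spinlock was taken via __lock_sock_fast."""
    in_mptcp = splat["sleeper_at"].startswith("net/mptcp/")
    fast_locked = any(lk["at"] == "__lock_sock_fast" for lk in atomic_culprits(splat))
    return splat["in_atomic"] and in_mptcp and fast_locked

if __name__ == "__main__":
    s = parse_splat(SAMPLE_DMESG)
    print("MPTCP fast-lock splat:", is_mptcp_fast_lock_splat(s))
    for lk in atomic_culprits(s):
        print("  atomic because", lk["name"], "was taken at", lk["at"], lk["src"])
```

Feed it the text between a "BUG: sleeping function" line and the end of the call trace from journalctl -k or dmesg; a patched kernel produces no such splat on MPTCP close.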
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-08-22T01:27:53.646Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9820c4522896dcbdd5b4
Added to database: 5/21/2025, 9:08:48 AM
Last enriched: 6/28/2025, 12:12:34 AM
Last updated: 8/18/2025, 9:03:52 AM