CVE-2022-49149: Vulnerability in Linux Linux

High
Published: Wed Feb 26 2025 (02/26/2025, 01:55:16 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Fix call timer start racing with call destruction

The rxrpc_call struct has a timer used to handle various timed events relating to a call. This timer can get started from the packet input routines that are run in softirq mode with just the RCU read lock held. Unfortunately, because only the RCU read lock is held - and neither ref nor other lock is taken - the call can start getting destroyed at the same time a packet comes in addressed to that call. This causes the timer - which was already stopped - to get restarted. Later, the timer dispatch code may then oops if the timer got deallocated first.

Fix this by trying to take a ref on the rxrpc_call struct and, if successful, passing that ref along to the timer. If the timer was already running, the ref is discarded.

The timer completion routine can then pass the ref along to the call's work item when it queues it. If the timer or work item were already queued/running, the extra ref is discarded.

AI-Powered Analysis

Last updated: 06/30/2025, 03:26:22 UTC

Technical Analysis

CVE-2022-49149 is a vulnerability identified in the Linux kernel's rxrpc subsystem, which handles the RxRPC protocol used primarily for remote procedure calls over IP networks. The vulnerability stems from a race condition involving the rxrpc_call structure's timer management. Specifically, the rxrpc_call struct contains a timer used to manage timed events related to a call. This timer can be started from packet input routines that execute in softirq context with only an RCU (Read-Copy-Update) read lock held. Because the RCU read lock does not prevent the call structure from being concurrently destroyed, a race condition arises when a packet arrives for a call that is simultaneously being destroyed. This can cause the timer, which may have already been stopped, to be restarted erroneously. If the timer is deallocated before the timer dispatch code runs, the kernel may crash (kernel oops) due to accessing freed memory. The fix involves acquiring a reference count on the rxrpc_call struct before starting the timer, ensuring the call structure remains valid while the timer is active. The reference is passed along to the timer and subsequently to the call's work item, preventing premature deallocation. If the timer or work item is already running or queued, the extra reference is discarded to avoid leaks. This vulnerability is a classic use-after-free/race condition that can lead to kernel instability or denial of service. No known exploits are reported in the wild, and no CVSS score has been assigned yet.

Potential Impact

For European organizations, the primary impact of CVE-2022-49149 is the potential for denial of service (DoS) through kernel crashes on Linux systems utilizing the rxrpc protocol. This could disrupt critical services relying on Linux servers, including telecommunications infrastructure, enterprise applications, and network services. While the vulnerability does not appear to allow privilege escalation or remote code execution directly, the resulting kernel oops can cause system instability, forced reboots, and potential data loss if services are interrupted unexpectedly. Organizations with Linux-based infrastructure, especially those using RxRPC (commonly found in distributed systems and some enterprise environments), may experience operational disruptions. The absence of known exploits reduces immediate risk, but the vulnerability's presence in the kernel means that attackers with network access could potentially trigger the race condition to cause service outages. This is particularly relevant for European sectors with high reliance on Linux servers, such as finance, telecommunications, and government services, where availability is critical.

Mitigation Recommendations

To mitigate CVE-2022-49149, European organizations should prioritize updating their Linux kernel to versions where this vulnerability is patched. Since the issue is in the kernel's rxrpc subsystem, applying official kernel updates from trusted Linux distributions is the most effective measure. Organizations should:

1) Identify all Linux systems running kernels affected by this vulnerability, focusing on those using RxRPC services.
2) Apply vendor-provided kernel patches or upgrade to the latest stable kernel releases that include the fix.
3) If immediate patching is not feasible, consider disabling or limiting the use of RxRPC services or related applications to reduce exposure.
4) Monitor system logs for kernel oops or crashes related to rxrpc_call timers as indicators of attempted exploitation or instability.
5) Implement network segmentation and strict access controls to limit exposure of vulnerable Linux systems to untrusted networks.
6) Engage with Linux distribution security advisories and maintain an up-to-date inventory of kernel versions deployed.

These steps go beyond generic advice by focusing on the specific subsystem and race condition nature of the vulnerability.

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-02-26T01:49:39.274Z
Cisa Enriched: false
Cvss Version: null
State: PUBLISHED

Threat ID: 682d982dc4522896dcbe5055

Added to database: 5/21/2025, 9:09:01 AM

Last enriched: 6/30/2025, 3:26:22 AM

Last updated: 7/30/2025, 5:57:10 PM
