
CVE-2022-49420: Vulnerability in Linux (Linux kernel)

Severity: Medium
Tags: Vulnerability, CVE-2022-49420, cve, cve-2022-49420
Published: Wed Feb 26 2025 (02/26/2025, 02:12:44 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

net: annotate races around sk->sk_bound_dev_if

UDP sendmsg() is lockless, and reads sk->sk_bound_dev_if while this field can be changed by another thread.

Adds minimal annotations to avoid KCSAN splats for UDP. Following patches will add more annotations to potential lockless readers.

BUG: KCSAN: data-race in __ip6_datagram_connect / udpv6_sendmsg

write to 0xffff888136d47a94 of 4 bytes by task 7681 on cpu 0:
 __ip6_datagram_connect+0x6e2/0x930 net/ipv6/datagram.c:221
 ip6_datagram_connect+0x2a/0x40 net/ipv6/datagram.c:272
 inet_dgram_connect+0x107/0x190 net/ipv4/af_inet.c:576
 __sys_connect_file net/socket.c:1900 [inline]
 __sys_connect+0x197/0x1b0 net/socket.c:1917
 __do_sys_connect net/socket.c:1927 [inline]
 __se_sys_connect net/socket.c:1924 [inline]
 __x64_sys_connect+0x3d/0x50 net/socket.c:1924
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x2b/0x50 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

read to 0xffff888136d47a94 of 4 bytes by task 7670 on cpu 1:
 udpv6_sendmsg+0xc60/0x16e0 net/ipv6/udp.c:1436
 inet6_sendmsg+0x5f/0x80 net/ipv6/af_inet6.c:652
 sock_sendmsg_nosec net/socket.c:705 [inline]
 sock_sendmsg net/socket.c:725 [inline]
 ____sys_sendmsg+0x39a/0x510 net/socket.c:2413
 ___sys_sendmsg net/socket.c:2467 [inline]
 __sys_sendmmsg+0x267/0x4c0 net/socket.c:2553
 __do_sys_sendmmsg net/socket.c:2582 [inline]
 __se_sys_sendmmsg net/socket.c:2579 [inline]
 __x64_sys_sendmmsg+0x53/0x60 net/socket.c:2579
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x2b/0x50 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

value changed: 0x00000000 -> 0xffffff9b

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 7670 Comm: syz-executor.3 Tainted: G W 5.18.0-rc1-syzkaller-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011

I chose to not add Fixes: tag because race has minor consequences and stable teams busy enough.

AI-Powered Analysis

Last updated: 06/30/2025, 06:58:14 UTC

Technical Analysis

CVE-2022-49420 is a concurrency bug in the Linux kernel's networking stack, specifically in UDP socket handling. It is a data race on the sk->sk_bound_dev_if field, which UDP sendmsg() reads without holding a lock while another thread can modify it concurrently; the unsynchronized reads and writes can leave the send path working from inconsistent or corrupted state. The Kernel Concurrency Sanitizer (KCSAN) caught the race between the IPv6 datagram connect() path and the UDPv6 sendmsg() path, showing that the field can be read and written at the same time on different CPUs. The root cause is the absence of locking or atomic (annotated) accesses around sk->sk_bound_dev_if, the field that binds a socket to a specific network device. The kernel developers applied minimal annotations to silence the KCSAN warnings and planned further annotations for other lockless readers; the patch notes state that the race has minor consequences, so no Fixes: tag was added. The vulnerability affects Linux kernel versions around 5.18.0-rc1 and potentially others sharing the same code paths. No exploits are known in the wild, and no CVSS score has been assigned yet. The impact is primarily on kernel stability and data integrity within the networking stack, with the potential for unpredictable behaviour or kernel crashes under highly concurrent UDP socket operations.
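The race described above, as an added illustration that is not the kernel's own code: a lockless path that consults sk->sk_bound_dev_if more than once can see two different values if connect() runs on another CPU in between, so a decision taken on the first value is checked against the second and fails spuriously. The kernel's standard remedy for this class of KCSAN report is to mark the accesses with READ_ONCE()/WRITE_ONCE() and read the field once into a local; the userspace macros below are simplified stand-ins for those annotations, and the struct `sock_model`, the functions `model_connect`, `pick_oif_racy`, `pick_oif_annotated`, `run_scenario`, and the "interleave hook" that forces the interleaving deterministically are all constructed for this example rather than taken from udpv6_sendmsg().

```c
/* Added illustration of the sk_bound_dev_if data race (not kernel code).
 * The writer hook stands in for "another thread ran connect() here" so
 * the interleaving is deterministic instead of depending on timing. */
#include <stdio.h>

/* Simplified userspace stand-ins for the kernel's READ_ONCE()/WRITE_ONCE():
 * a volatile access keeps the compiler from tearing, fusing or re-loading it. */
#define READ_ONCE(x)     (*(const volatile __typeof__(x) *)&(x))
#define WRITE_ONCE(x, v) (*(volatile __typeof__(x) *)&(x) = (v))

/* Minimal model of the socket field in question (constructed). */
struct sock_model {
    int sk_bound_dev_if;   /* 0 = not bound, otherwise an interface index */
};

/* Hook representing a concurrent writer; NULL means no interleaving. */
typedef void (*interleave_fn)(struct sock_model *);

/* Writer side, modelled on the connect() path: binds the socket to a device. */
static void model_connect(struct sock_model *sk, int ifindex)
{
    WRITE_ONCE(sk->sk_bound_dev_if, ifindex);
}

/* Concurrent writer used by the scenarios: bind to ifindex 3 mid-path. */
static void bind_to_ifindex_3(struct sock_model *sk)
{
    model_connect(sk, 3);
}

/* Unannotated reader: plain read to choose the output interface, then a
 * second plain read to validate the choice.  Returns the chosen ifindex,
 * or -1 for "rejected" (a spurious failure when the writer slips in). */
static int pick_oif_racy(struct sock_model *sk, int requested_oif,
                         interleave_fn hook)
{
    int oif = sk->sk_bound_dev_if ? sk->sk_bound_dev_if : requested_oif;
    if (hook)
        hook(sk);                       /* another CPU binds the socket */
    if (sk->sk_bound_dev_if && oif != sk->sk_bound_dev_if)
        return -1;                      /* second read disagrees with first */
    return oif;
}

/* Annotated reader: one READ_ONCE() snapshot drives every later decision,
 * so the path is internally consistent whatever the writer does. */
static int pick_oif_annotated(struct sock_model *sk, int requested_oif,
                              interleave_fn hook)
{
    int bound = READ_ONCE(sk->sk_bound_dev_if);
    int oif = bound ? bound : requested_oif;
    if (hook)
        hook(sk);
    if (bound && oif != bound)
        return -1;                      /* cannot happen: same snapshot */
    return oif;
}

/* Scenario driver: fresh unbound socket, caller asks for ifindex 7,
 * optionally a writer binds the socket to ifindex 3 in the middle. */
static int run_scenario(int annotated, int writer_interleaves)
{
    struct sock_model sk = { .sk_bound_dev_if = 0 };
    interleave_fn hook = writer_interleaves ? bind_to_ifindex_3 : NULL;
    return annotated ? pick_oif_annotated(&sk, 7, hook)
                     : pick_oif_racy(&sk, 7, hook);
}

int main(void)
{
    printf("racy,      no writer: oif=%d\n", run_scenario(0, 0));
    printf("annotated, no writer: oif=%d\n", run_scenario(1, 0));
    printf("racy,      writer:    oif=%d\n", run_scenario(0, 1));
    printf("annotated, writer:    oif=%d\n", run_scenario(1, 1));
    return 0;
}
```

Without a concurrent writer both variants return 7. When the writer interleaves, the racy reader returns -1 (it chose 7 on the first read and then rejected its own choice against the new binding 3), while the annotated reader returns a consistent 7. Either consistent answer (honouring the old or the new binding) is acceptable; the problem KCSAN flags is the path observing both.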

Potential Impact

For European organizations relying on Linux-based infrastructure, especially those running network-intensive applications or services using UDP sockets (such as DNS servers, VoIP, streaming, or real-time data feeds), this vulnerability could lead to kernel instability or crashes under specific concurrent workloads. While the vulnerability does not directly expose a remote code execution or privilege escalation vector, the data race could cause denial of service (DoS) conditions by crashing the kernel or corrupting socket state, impacting availability of critical services. Organizations operating cloud environments, data centers, or edge computing nodes with Linux kernels in the affected versions may experience service disruptions. Given the widespread use of Linux in European public sector, telecommunications, and financial institutions, even minor kernel instability can have cascading effects on service reliability and compliance with uptime requirements. However, the lack of known exploits and the minor consequence assessment by the Linux maintainers suggest the immediate risk is low. Still, the vulnerability underscores the importance of kernel concurrency correctness in maintaining robust network services.

Mitigation Recommendations

European organizations should prioritize updating their Linux kernels to versions where this race condition is addressed, either through the minimal annotations applied or subsequent patches that add further synchronization. Kernel upgrades should be tested in staging environments to ensure compatibility and stability. For environments where immediate kernel upgrades are not feasible, organizations can mitigate risk by limiting high-concurrency UDP socket operations or isolating critical UDP services on dedicated hosts to reduce contention. Building test kernels with the Kernel Address Sanitizer (KASAN) or Kernel Concurrency Sanitizer (KCSAN) enabled in development and testing environments can help detect similar concurrency issues proactively; these are debugging tools for test systems, not production hardening options. Additionally, monitoring kernel logs for unusual socket-related errors or crashes can provide early warning signs. Network segmentation and redundancy can further reduce impact by isolating affected services and enabling failover. Collaboration with Linux distribution vendors for timely patch releases and backports is essential to maintain secure and stable kernel versions.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-02-26T02:08:31.568Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d982ec4522896dcbe598b

Added to database: 5/21/2025, 9:09:02 AM

Last enriched: 6/30/2025, 6:58:14 AM

Last updated: 8/13/2025, 8:23:25 PM

