CVE-2022-49604: Vulnerability in Linux

Medium
Published: Wed Feb 26 2025 (02/26/2025, 02:23:30 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved: ip: Fix data-races around sysctl_ip_fwd_use_pmtu. While reading sysctl_ip_fwd_use_pmtu, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers.

AI-Powered Analysis

Last updated: 06/29/2025, 23:11:16 UTC

Technical Analysis

CVE-2022-49604 is a concurrency vulnerability identified in the Linux kernel, specifically related to the handling of the sysctl_ip_fwd_use_pmtu parameter. This parameter controls IP forwarding behavior concerning Path MTU (Maximum Transmission Unit) usage. The vulnerability arises because the kernel code reads the sysctl_ip_fwd_use_pmtu variable without proper synchronization, leading to a data race condition. In concurrent environments, the value of sysctl_ip_fwd_use_pmtu can be changed while being read, causing inconsistent or undefined behavior. The fix involves adding the READ_ONCE() macro to ensure atomic and consistent reads of this variable, preventing concurrent modification issues.

Although this vulnerability does not have any known exploits in the wild, the underlying issue is a classic race condition that could potentially be leveraged to cause unpredictable kernel behavior, including crashes or incorrect packet forwarding decisions. This could affect network reliability and stability on Linux systems that rely on IP forwarding with PMTU considerations.

The affected versions are specific Linux kernel commits identified by the hash f87c10a8aa1e82498c42d0335524d6ae7cf5a52b, indicating a narrow range of kernel builds. The vulnerability was published on February 26, 2025, and no CVSS score has been assigned yet. Given the nature of the bug, it is a low-level kernel synchronization issue that requires local or privileged access to exploit, and it does not inherently allow privilege escalation or remote code execution by itself.
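The marked-read pattern the fix applies, shown as an added userspace C model that is not kernel source and not code from this page. READ_ONCE/WRITE_ONCE here are simplified scalar-only stand-ins for the kernel macros, and fwd_use_pmtu, struct route, forward_mtu, toggle_sysctl, race_demo and the MTU values are hypothetical names and constructed values. The volatile access takes no lock; it makes the compiler emit one untorn load, so a reader acts on either the old or the new setting.

```c
/* Userspace model of a sysctl read racing with a writer (hypothetical names). */
#include <pthread.h>
#include <stdio.h>

/* Simplified scalar-only versions of the kernel macros: the volatile access
 * makes the compiler emit exactly one load or store, never torn or refetched. */
#define READ_ONCE(x)     (*(const volatile __typeof__(x) *)&(x))
#define WRITE_ONCE(x, v) (*(volatile __typeof__(x) *)&(x) = (v))
#define IP_MAX_MTU 0xFFFFU

static unsigned char fwd_use_pmtu;           /* stands in for the sysctl */
struct route { unsigned int path_mtu, dev_mtu; };

/* Reader in the patched style: one marked load, then decide on that value. */
unsigned int forward_mtu(const struct route *rt)
{
    if (READ_ONCE(fwd_use_pmtu))
        return rt->path_mtu;                 /* use the learned path MTU */
    return rt->dev_mtu < IP_MAX_MTU ? rt->dev_mtu : IP_MAX_MTU;
}

/* Writer: models the setting being flipped while packets are forwarded. */
static void *toggle_sysctl(void *arg)
{
    long n = *(long *)arg;
    for (long i = 0; i < n; i++)
        WRITE_ONCE(fwd_use_pmtu, (unsigned char)(i & 1));
    return NULL;
}

/* Runs reader and writer concurrently; returns how many reads produced a
 * value that is neither of the two legal outcomes, or -1 on thread error. */
long race_demo(long n)
{
    struct route rt = { .path_mtu = 1400, .dev_mtu = 1500 };  /* constructed */
    long bad = 0;
    pthread_t w;
    if (pthread_create(&w, NULL, toggle_sysctl, &n) != 0)
        return -1;
    for (long i = 0; i < n; i++) {
        unsigned int m = forward_mtu(&rt);
        bad += (m != rt.path_mtu && m != rt.dev_mtu);
    }
    pthread_join(w, NULL);
    WRITE_ONCE(fwd_use_pmtu, 0);             /* restore the default */
    return bad;
}

int main(void) { printf("invalid results: %ld\n", race_demo(1000000)); return 0; }
```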

Potential Impact

For European organizations, the impact of CVE-2022-49604 is primarily related to network stability and reliability rather than direct compromise or data breach. Organizations running Linux-based routers, firewalls, or servers that perform IP forwarding with PMTU settings could experience kernel instability or unexpected network behavior if this vulnerability is triggered. This could lead to intermittent network outages or degraded performance, affecting critical infrastructure, especially in sectors relying heavily on Linux-based networking equipment such as telecommunications, cloud service providers, and large enterprises. However, since exploitation requires concurrent access and manipulation of kernel parameters, the risk of widespread remote exploitation is low. The absence of known exploits in the wild further reduces immediate risk. Nevertheless, unpatched systems could be vulnerable to targeted attacks or accidental misconfigurations that trigger the race condition, potentially causing denial of service or network disruptions.

Mitigation Recommendations

To mitigate CVE-2022-49604, European organizations should prioritize updating their Linux kernels to the patched versions that include the READ_ONCE() fix for sysctl_ip_fwd_use_pmtu. Kernel updates should be tested in staging environments to ensure compatibility with existing network configurations. Network administrators should audit systems that perform IP forwarding with PMTU settings to identify affected hosts. Additionally, implementing strict access controls to limit who can modify kernel parameters or sysctl settings reduces the risk of accidental or malicious triggering of the race condition. Monitoring kernel logs for unusual network errors or crashes related to IP forwarding can help detect exploitation attempts. For environments using custom or embedded Linux kernels, vendors should be contacted to provide patches or guidance. Finally, organizations should integrate this vulnerability into their vulnerability management and patching workflows to ensure timely remediation.

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-02-26T02:21:30.416Z
Cisa Enriched: false
Cvss Version: null
State: PUBLISHED

Threat ID: 682d982cc4522896dcbe45e1

Added to database: 5/21/2025, 9:09:00 AM

Last enriched: 6/29/2025, 11:11:16 PM

Last updated: 8/15/2025, 7:10:18 PM
