CVE-2022-49655 is a vulnerability in the Linux kernel's fscache subsystem, specifically related to the caching mechanism used for NFS (Network File System) files. The issue arises when an NFS file is opened for writing and then closed. During this process, the fscache_invalidate() function is called to invalidate the cached file. However, if the cache cookie is in the LOOKING_UP or CREATING state, the invalidation request is not properly recorded by the fscache_cookie_state_machine(), which manages the state transitions of the cache cookie. This improper handling means that the invalidation does not occur as expected. The root cause is that __fscache_invalidate() does not set a flag indicating that invalidation is needed when the cookie is in the LOOKING_UP state, leading to the cache state machine not transitioning to the INVALIDATING state. Consequently, the cache may serve stale data, causing local modifications to an NFS file to not be reflected correctly when the file is read locally. This can result in file corruption or data inconsistency. The fix involves modifying __fscache_invalidate() to set a flag when the cookie is in the LOOKING_UP state and adjusting the n_accesses counter to ensure proper state machine transitions to INVALIDATING, thereby ensuring cache invalidation occurs correctly. This vulnerability affects Linux kernel versions identified by the commit hash d24af13e2e2358a602740c7817ea90da43d3e740 and has been publicly disclosed without an assigned CVSS score or known exploits in the wild.

For European organizations relying on Linux systems with NFS mounts, this vulnerability poses a risk of data corruption and inconsistency. NFS is commonly used in enterprise environments for shared storage and file access across multiple systems. If an attacker or a misbehaving application triggers this race condition, it could lead to corrupted files being read or written, potentially impacting critical business operations, data integrity, and application reliability. This is particularly concerning for sectors such as finance, healthcare, and government, where data accuracy and integrity are paramount. Although exploitation does not appear to be straightforward or widely observed, the vulnerability could be triggered unintentionally by normal file operations, leading to silent data corruption. This undermines trust in file system reliability and could cause operational disruptions or data loss. The lack of known exploits suggests that the threat is currently theoretical but should be addressed proactively to prevent future incidents.

European organizations should prioritize updating their Linux kernels to versions that include the patch for CVE-2022-49655. Specifically, they should ensure that their systems are running kernel versions that incorporate the fix identified by the commit d24af13e2e2358a602740c7817ea90da43d3e740 or later. System administrators should audit their NFS usage to identify critical systems where file integrity is essential and apply kernel updates promptly. Additionally, organizations should implement monitoring for unusual file system behavior or errors related to NFS operations that might indicate cache inconsistencies. Where possible, consider using alternative or additional file integrity verification mechanisms, such as checksums or file system auditing tools, to detect corruption early. For environments where immediate patching is not feasible, temporarily reducing reliance on fscache for NFS or disabling it might be considered, although this may impact performance. Finally, maintaining robust backup and recovery procedures will help mitigate the impact of any data corruption that occurs.