CVE-2022-49664 is a vulnerability identified in the Linux kernel's Transparent Inter-Process Communication (TIPC) protocol implementation. The issue arises from a NULL pointer dereference in the tipc_link_is_up function, triggered when the broadcast (bc) link creation is delayed until after a new node is inserted into the hashtable. Specifically, when a preliminary node is created via tipc_node_create, the bc link is not immediately established. This creates a timing window where a broadcast packet can be received and the node retrieved from the hashtable, but its bc link pointer remains NULL. Dereferencing this NULL pointer leads to a kernel crash (NULL pointer dereference), causing a denial of service (DoS) condition. The root cause is a race condition between node insertion and bc link creation. The patch fixes this by moving the bc link creation to occur before the node is inserted into the hashtable, ensuring that any access to the node's bc link is valid. Additionally, for preliminary nodes transitioning to real nodes, the bc link creation is also ensured before rehashing. This vulnerability affects multiple Linux kernel versions identified by specific commit hashes, indicating it is present in certain recent kernel builds. No known exploits are reported in the wild as of the publication date. The vulnerability does not have an assigned CVSS score yet. Exploitation requires crafted network packets targeting the TIPC protocol, which is primarily used in clustered or telecom environments. The impact is a kernel crash leading to system unavailability.

For European organizations, the impact of CVE-2022-49664 depends largely on the deployment of Linux systems using the TIPC protocol. TIPC is commonly used in clustered environments, telecom infrastructure, and certain industrial systems. Organizations operating telecom networks, industrial control systems, or high-availability clusters running vulnerable Linux kernel versions could experience denial of service due to kernel crashes triggered remotely by crafted TIPC broadcast packets. This could lead to service outages, affecting critical infrastructure and business continuity. The vulnerability does not appear to allow privilege escalation or remote code execution, so confidentiality and integrity impacts are limited. However, availability impact is significant in environments relying on TIPC for inter-node communication. European telecom operators, industrial manufacturers, and cloud providers using Linux clusters could be at risk. The lack of known exploits reduces immediate risk but patching is important to prevent potential future attacks. Systems exposed to untrusted networks or with insufficient network segmentation are more vulnerable to remote exploitation attempts.

1. Apply the official Linux kernel patch that moves the bc link creation before node insertion into the hashtable as soon as it is available for your kernel version. 2. Upgrade Linux kernels to versions that include the fix for CVE-2022-49664. 3. Restrict network access to TIPC ports and interfaces to trusted hosts only, using firewall rules or network segmentation to limit exposure to untrusted networks. 4. Monitor kernel logs for signs of NULL pointer dereference crashes related to tipc to detect potential exploitation attempts. 5. For critical telecom or industrial systems, consider isolating TIPC traffic within secure VLANs or dedicated networks to reduce attack surface. 6. Conduct regular vulnerability assessments and patch management to ensure timely updates of Linux kernel components. 7. If upgrading kernels is not immediately feasible, consider disabling TIPC if it is not required for your environment to eliminate the attack vector.