CVE-2022-49791: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

io_uring: fix multishot accept request leaks

Having REQ_F_POLLED set doesn't guarantee that the request is executed as a multishot from the polling path. Fortunately for us, if the code thinks it's multishot issue when it's not, it can only ask to skip completion so leaking the request. Use issue_flags to mark multipoll issues.
AI Analysis
Technical Summary
CVE-2022-49791 is a vulnerability identified in the Linux kernel's io_uring subsystem, specifically related to the handling of multishot accept requests. The io_uring interface is a modern asynchronous I/O interface designed to improve performance and scalability for Linux applications by allowing multiple I/O operations to be submitted and completed efficiently. The vulnerability arises because the presence of the REQ_F_POLLED flag does not guarantee that a request is executed as a multishot from the polling path. This discrepancy can cause the kernel to mistakenly treat a request as multishot when it is not, leading to the request being leaked due to skipping completion. The root cause is a flaw in the logic that manages request completion, where issue_flags are not properly used to mark multipoll issues, resulting in resource leaks. Although the vulnerability does not appear to allow direct code execution or privilege escalation, leaking requests can lead to resource exhaustion or denial of service conditions. The issue has been addressed in the Linux kernel by correcting the handling of issue_flags to properly mark multipoll requests and prevent leaks. No known exploits are reported in the wild, and no CVSS score has been assigned yet. The affected versions are identified by specific commit hashes, indicating that this is a recent and targeted fix in the kernel source code.
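The distinction the summary draws, between a flag stored on the request and a flag passed with each issue, can be seen in a small user-space model. This is an added illustration, not kernel code or the upstream patch: the handler names, return codes, flag values and the `ISSUE_F_MULTISHOT` bit are assumptions made for the model, and only `REQ_F_POLLED` and `issue_flags` are taken from the advisory.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified user-space model, NOT kernel code. Only REQ_F_POLLED and the
 * idea of issue_flags come from the advisory; all else is hypothetical. */
#define REQ_F_POLLED      (1u << 0) /* sticky: request was armed for polling at some point */
#define ISSUE_F_MULTISHOT (1u << 0) /* per call: this issue comes from the multishot poll path */

enum { ISSUE_OK, ISSUE_SKIP_COMPLETE };
struct req { unsigned flags; bool completed; };
typedef int (*issue_fn)(const struct req *, unsigned issue_flags);

/* Before the fix: infer "multishot issue" from the sticky request flag. */
static int accept_issue_buggy(const struct req *r, unsigned issue_flags)
{
    (void)issue_flags;
    return (r->flags & REQ_F_POLLED) ? ISSUE_SKIP_COMPLETE : ISSUE_OK;
}

/* After the fix: trust only what the caller states about this issue. */
static int accept_issue_fixed(const struct req *r, unsigned issue_flags)
{
    (void)r;
    return (issue_flags & ISSUE_F_MULTISHOT) ? ISSUE_SKIP_COMPLETE : ISSUE_OK;
}

/* Issue a previously polled request from a non-poll path. The caller completes
 * it unless told to skip; returns true if it was never completed (leaked). */
static bool leaked_on_nonpoll_issue(issue_fn issue)
{
    struct req r = { .flags = REQ_F_POLLED, .completed = false };
    if (issue(&r, 0) != ISSUE_SKIP_COMPLETE)
        r.completed = true;
    return !r.completed;
}

/* From the poll path the poll code owns completion, so skipping is correct. */
static bool skips_on_poll_issue(issue_fn issue)
{
    struct req r = { .flags = REQ_F_POLLED, .completed = false };
    return issue(&r, ISSUE_F_MULTISHOT) == ISSUE_SKIP_COMPLETE;
}

int main(void)
{
    printf("buggy handler leaks: %d\n", leaked_on_nonpoll_issue(accept_issue_buggy));
    printf("fixed handler leaks: %d\n", leaked_on_nonpoll_issue(accept_issue_fixed));
    return 0;
}
```

In the model, both handlers skip completion when issued from the poll path; only the one keyed on the sticky request flag also skips it on the non-poll path, which is the leak.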
Potential Impact
For European organizations, the impact of CVE-2022-49791 primarily revolves around potential denial of service (DoS) scenarios due to resource leaks in the kernel's io_uring subsystem. Systems that heavily rely on asynchronous I/O operations, such as high-performance servers, cloud infrastructure, and network appliances running Linux, could experience degraded performance or service interruptions if the vulnerability is exploited or triggered inadvertently. While the vulnerability does not directly compromise confidentiality or integrity, the availability impact could affect critical services, especially in sectors like finance, telecommunications, and public services that depend on Linux-based infrastructure. Additionally, resource leaks can sometimes be leveraged as part of a larger attack chain, increasing the risk profile. Since no known exploits are currently active, the immediate risk is moderate, but unpatched systems remain vulnerable to potential future exploitation. Organizations using Linux kernels with io_uring support should be aware of this vulnerability and assess their exposure, particularly if they deploy custom or older kernel versions that may not include the fix.
Mitigation Recommendations
To mitigate CVE-2022-49791, European organizations should:
1) Apply the latest Linux kernel patches that address the io_uring multishot accept request leak as soon as they become available from trusted sources or distributions.
2) For environments where immediate patching is not feasible, monitor system resource usage closely to detect unusual increases in kernel resource consumption that could indicate exploitation attempts.
3) Limit exposure by restricting access to systems running vulnerable kernels, especially those exposed to untrusted networks or users.
4) Employ kernel hardening and security modules (e.g., SELinux, AppArmor) to reduce the attack surface and contain potential impacts.
5) Review and update incident response plans to include detection and remediation steps for kernel resource leaks or DoS conditions related to io_uring.
6) Engage with Linux distribution vendors for timely updates and advisories.
7) Consider disabling io_uring functionality temporarily if it is not required for critical workloads, as a short-term risk reduction measure.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Poland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-05-01T14:05:17.224Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982cc4522896dcbe4bcf
Added to database: 5/21/2025, 9:09:00 AM
Last enriched: 6/30/2025, 1:41:09 AM
Last updated: 8/11/2025, 10:47:07 AM