CVE-2022-4269: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability (CVE-2022-4269) was discovered in the Linux kernel Traffic Control (TC) subsystem. The vulnerability was discovered by William Zhao and disclosed on December 5, 2022. It affects Linux kernel versions through 4.1:rc1 when using a specific networking configuration that redirects egress packets to ingress using TC action 'mirred' (CVE, Ubuntu Security).

The vulnerability occurs in the Linux kernel Traffic Control (TC) subsystem when using a specific networking configuration that redirects egress packets to ingress using TC action 'mirred'. The issue involves a CPU soft lockup (ABBA deadlock) that can be triggered when the transport protocol in use (TCP or SCTP) performs a retransmission. The vulnerability has a CVSS v3.1 score of 5.5 (Medium) with the vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NetApp Security).

When successfully exploited, this vulnerability can lead to a denial of service (DoS) condition by triggering a CPU soft lockup. The issue specifically affects systems using the TC mirred action for redirecting egress packets to ingress, potentially causing system performance degradation or unresponsiveness (Debian Security).

A fix has been implemented that modifies the handling of mirred ingress packets by using netifrx() instead of netifreceive_skb(), similar to the receive path handling in 'loopback' and 'veth' devices. This change prevents the deadlock condition from occurring. Various Linux distributions have released patches to address this vulnerability, including Debian (version 5.10.191-1) and Ubuntu (multiple version updates across different releases) (Kernel Patch, Debian Security).