
Cloud Vulnerability DB
A community-led vulnerabilities database
In the Linux kernel, a race condition vulnerability was discovered in the rxrpc_exit_net() function. The vulnerability was identified and fixed in 2022, affecting the RxRPC protocol implementation. The issue occurs during network namespace cleanup operations, where a race between the rxrpc_exit_net() and rxrpc_peer_keepalive_worker() functions could lead to a use-after-free condition (Kernel Git).
The vulnerability stems from incorrect ordering of operations in rxrpc_exit_net(). The race condition occurs when CPU0 executes rxrpc_exit_net() while CPU1 executes rxrpc_peer_keepalive_worker(). The sequence involves setting rxnet->live to false, followed by del_timer_sync() and cancel_work_sync() calls, but the timer can still be armed by the keepalive worker, leading to a use-after-free condition. This was confirmed through debug object warnings showing active timer_list objects being freed (Kernel Git).
The vulnerability can result in use-after-free conditions in the kernel's RxRPC implementation, potentially leading to memory corruption and system stability issues. This could affect systems using the RxRPC protocol, particularly in networked environments where namespace cleanup operations occur (Kernel Git).
The fix involves reordering the cleanup operations in rxrpc_exit_net() to ensure the work is cancelled before the timer is deleted. This prevents the race condition by ensuring proper synchronization between the cleanup and keepalive operations. The fix was implemented by moving the del_timer_sync() call after cancel_work_sync() (Kernel Git).
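A deterministic userspace model of the two cleanup orders described above, added here as an illustration; it is not code from the kernel or from the fix commit. The struct and the model_* helpers are assumptions that only mimic the ordering semantics of the kernel calls the advisory names.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model, constructed for illustration; not kernel code.
 * The model_* helpers only mimic the ordering semantics of the kernel
 * calls named in the advisory. */
struct model_net {
    bool live;              /* stands in for rxnet->live */
    bool timer_armed;       /* keepalive timer pending */
    bool worker_past_check; /* worker already saw live == true */
};

/* del_timer_sync(): on return the timer is not pending. */
static void model_del_timer_sync(struct model_net *n)
{
    n->timer_armed = false;
}

/* cancel_work_sync(): waits for a running worker to finish. A worker
 * that already passed its live check re-arms the timer before it ends. */
static void model_cancel_work_sync(struct model_net *n)
{
    if (n->worker_past_check)
        n->timer_armed = true;
    n->worker_past_check = false;
}

/* Runs the namespace-exit sequence; returns true if the timer is still
 * armed when the namespace memory would be freed (the use-after-free). */
static bool timer_armed_at_exit(bool fixed_order, bool worker_past_check)
{
    struct model_net n = { true, true, worker_past_check };

    n.live = false;
    if (fixed_order) {              /* order after the fix */
        model_cancel_work_sync(&n);
        model_del_timer_sync(&n);
    } else {                        /* order before the fix */
        model_del_timer_sync(&n);
        model_cancel_work_sync(&n);
    }
    return n.timer_armed;
}

int main(void)
{
    printf("old order, worker mid-run: armed=%d\n", timer_armed_at_exit(false, true));
    printf("new order, worker mid-run: armed=%d\n", timer_armed_at_exit(true, true));
    return 0;
}
```

Only the old order combined with a worker that has already passed its live check leaves the timer armed; an idle worker is safe under either order, which is why the bug shows up as an intermittent debug-objects warning rather than on every namespace teardown.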
Source: This report was generated using AI