
CVE-2022-49372 affects the Linux kernel's TCP implementation. The vulnerability was discovered in the tcp_rtx_synack() function, which can be called from process context. This issue occurs when using TCP Fast Open sockets under specific conditions with CONFIG_DEBUG_PREEMPT enabled (Kernel Git).
The vulnerability is triggered under the following conditions:
1) Kernel built with CONFIG_DEBUG_PREEMPT=y
2) A new passive FastOpen TCP socket is created, waiting for an ACK from the client
3) A socket operation goes through the lock_sock()/release_sock() dance
4) While the socket is owned by the user, a retransmit of the SYN is received and stored in the socket backlog
5) At release_sock() time, the socket backlog is processed in process context
6) tcp_rtx_synack() is called in process context
The issue stems from tcp_rtx_synack() being called from process context when it was designed to be called only from the BH handler (Kernel Git).
The vulnerability can trigger a kernel bug when using __this_cpu_add() in preemptible code context, potentially affecting system stability (Kernel Git).
The issue has been fixed by modifying tcp_rtx_synack() to use TCP_INC_STATS() and NET_INC_STATS(), which do not assume the caller is in a non-preemptible context (Kernel Git).
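Trigger conditions 1 and 2 above can be checked on a host before deciding how urgently to patch. The script below is an added example, not part of the original report or the kernel project. Its function names are hypothetical, and it assumes that bit 0x2 of the net.ipv4.tcp_fastopen sysctl is what enables server-side (passive) Fast Open. It does not tell you whether the fix is already present in the running kernel.

```shell
#!/bin/sh
# Added example (hypothetical helper names): precondition check for CVE-2022-49372.

# Exit 0 if CONFIG_DEBUG_PREEMPT=y is in the kernel config file $1 (plain or
# .gz), 1 if it is absent, 2 if the file cannot be read.
config_has_debug_preempt() {
    [ -r "$1" ] || return 2
    case "$1" in
        *.gz) gzip -dc "$1" ;;
        *)    cat "$1" ;;
    esac | grep -q '^CONFIG_DEBUG_PREEMPT=y$'
}

# Exit 0 if bit 0x2 (server-side Fast Open) is set in tcp_fastopen value $1.
tfo_server_enabled() {
    [ $(( $1 & 2 )) -ne 0 ]
}

# Print a one-line verdict for config file $1 and tcp_fastopen value $2.
check_preconditions() {
    case "$2" in
        ''|*[!0-9]*) echo "unknown: tcp_fastopen value '$2' is not a number"; return 0 ;;
    esac
    rc=0
    config_has_debug_preempt "$1" || rc=$?
    case "$rc" in
        0) ;;
        1) echo "not-met: CONFIG_DEBUG_PREEMPT is not enabled"; return 0 ;;
        *) echo "unknown: cannot read kernel config $1"; return 0 ;;
    esac
    if tfo_server_enabled "$2"; then
        echo "met: CONFIG_DEBUG_PREEMPT=y and server-side TCP Fast Open enabled"
    else
        echo "not-met: server-side TCP Fast Open is disabled"
    fi
}

# Demo on constructed input (not taken from a real host). On a live system:
#   check_preconditions "/boot/config-$(uname -r)" "$(cat /proc/sys/net/ipv4/tcp_fastopen)"
sample=$(mktemp)
printf '%s\n' 'CONFIG_PREEMPT=y' 'CONFIG_DEBUG_PREEMPT=y' > "$sample"
check_preconditions "$sample" 3
rm -f "$sample"
```

A "met" verdict only means the build and sysctl preconditions hold; conditions 3 to 6 depend on runtime traffic and socket activity.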
Source: This report was generated using AI