
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2022-49587 is a data race in the Linux kernel's TCP implementation involving the net.ipv4.tcp_notsent_lowat sysctl. An administrator can change the value through sysctl at any time, while the TCP data path reads it on every writability check; the reader used a plain load with no annotation or synchronization, so the two accesses formed an unsynchronized data race of the kind KCSAN reports (Debian Security).
The racy read is in the tcp_notsent_lowat() helper in include/net/tcp.h, which returns the per-socket TCP_NOTSENT_LOWAT value if one is set and otherwise falls back to net->ipv4.sysctl_tcp_notsent_lowat. The fix wraps the read in READ_ONCE(), which forces a single, non-torn load that the compiler may not split, duplicate or cache across the access; it is an annotation fix rather than a lock, matching the WRITE_ONCE() already used on the sysctl writer side. The unannotated read dates back to commit c9bee3b7fdec "tcp: TCP_NOTSENT_LOWAT socket option" (Kernel Git).
The threshold controls when a TCP socket stops being reported writable: once the amount of unsent data sitting in the write queue reaches tcp_notsent_lowat, poll/select/epoll stop reporting the socket as writable until the queue drains. The per-socket TCP_NOTSENT_LOWAT option, when set, takes precedence over the sysctl. A torn, stale or duplicated read could therefore make that writability decision with a value that was never configured, producing wrong wakeups or flow-control behaviour for applications that rely on the option. The advisory describes no crash or privilege escalation; the impact is limited to network performance and reliability on systems using TCP_NOTSENT_LOWAT (Debian Security).
The fix has been merged into the stable kernel series and consists of adding READ_ONCE() to the reader of sysctl_tcp_notsent_lowat. Debian ships it in Linux 5.10.234-1 for bullseye, 6.1.128-1 for bookworm, and 6.12.17-1 for sid/trixie; compare the output of uname -r against these versions to confirm a host is patched (Debian Security).
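The following userspace C model, added here as an illustration and not taken from the kernel or the advisory, shows the pre-fix and fixed shapes of the reader side by side, the writer side a sysctl change amounts to, and the writability check that consumes the threshold. The struct layouts, the READ_ONCE()/WRITE_ONCE() stand-ins, the helper names (lowat_for, writable_for, count_bogus_reads) and the sample values are assumptions made for this example.

```c
#include <pthread.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace stand-ins for the kernel's READ_ONCE()/WRITE_ONCE(): the volatile
 * access forces one un-split load or store that the compiler may neither
 * cache, re-issue nor merge with a neighbouring access to the same object. */
#define READ_ONCE(x)     (*(const volatile __typeof__(x) *)&(x))
#define WRITE_ONCE(x, v) do { *(volatile __typeof__(x) *)&(x) = (v); } while (0)

/* Assumed model of the structures involved (not the kernel's definitions):
 * the per-network-namespace sysctl and the per-socket override. */
struct net { struct { uint32_t sysctl_tcp_notsent_lowat; } ipv4; };
struct tcp_sock {
    struct net *net;
    uint32_t notsent_lowat;   /* TCP_NOTSENT_LOWAT socket option, 0 = unset */
    uint32_t write_seq;       /* tail of data queued by the application */
    uint32_t snd_nxt;         /* next sequence number to transmit */
};

/* Pre-fix shape: plain loads of fields another CPU may be storing to.
 * The compiler is free to load each field more than once or to tear it. */
static uint32_t tcp_notsent_lowat_racy(const struct tcp_sock *tp)
{
    return tp->notsent_lowat ?: tp->net->ipv4.sysctl_tcp_notsent_lowat;
}

/* Fixed shape: each shared field is read exactly once through READ_ONCE(). */
static uint32_t tcp_notsent_lowat_fixed(const struct tcp_sock *tp)
{
    uint32_t val = READ_ONCE(tp->notsent_lowat);
    return val ?: READ_ONCE(tp->net->ipv4.sysctl_tcp_notsent_lowat);
}

/* Writer side, what a concurrent `sysctl -w net.ipv4.tcp_notsent_lowat=N`
 * amounts to: a store that is not serialised against data-path readers. */
static void set_sysctl_notsent_lowat(struct net *net, uint32_t v)
{
    WRITE_ONCE(net->ipv4.sysctl_tcp_notsent_lowat, v);
}

/* Consumer of the threshold, modelled on the kernel's writability test:
 * the socket stays writable while unsent bytes remain below the lowat. */
static bool tcp_stream_memory_free_model(const struct tcp_sock *tp)
{
    uint32_t notsent = READ_ONCE(tp->write_seq) - READ_ONCE(tp->snd_nxt);
    return notsent < tcp_notsent_lowat_fixed(tp);
}

/* Helpers that build a model socket so the precedence rule can be checked:
 * the socket option wins when set, otherwise the sysctl applies. */
static uint32_t lowat_for(uint32_t sysctl, uint32_t sockopt)
{
    struct net net = { .ipv4.sysctl_tcp_notsent_lowat = sysctl };
    struct tcp_sock tp = { .net = &net, .notsent_lowat = sockopt };
    return tcp_notsent_lowat_fixed(&tp);
}

static bool writable_for(uint32_t sysctl, uint32_t sockopt, uint32_t queued)
{
    struct net net = { .ipv4.sysctl_tcp_notsent_lowat = sysctl };
    struct tcp_sock tp = { .net = &net, .notsent_lowat = sockopt,
                           .write_seq = queued, .snd_nxt = 0 };
    return tcp_stream_memory_free_model(&tp);
}

/* Constructed race: one thread flips the sysctl between two values while the
 * other reads it. Returns how many reads yielded a value that was never
 * written; the READ_ONCE() reader must keep this at zero. */
#define VAL_A 16384u
#define VAL_B 131072u
#define ITERS 200000

static void *writer(void *arg)
{
    struct net *net = arg;
    for (int i = 0; i < ITERS; i++)
        set_sysctl_notsent_lowat(net, (i & 1) ? VAL_A : VAL_B);
    return NULL;
}

static unsigned long count_bogus_reads(void)
{
    struct net net = { .ipv4.sysctl_tcp_notsent_lowat = VAL_A };
    struct tcp_sock tp = { .net = &net, .notsent_lowat = 0 };
    unsigned long bogus = 0;
    pthread_t th;

    pthread_create(&th, NULL, writer, &net);
    for (int i = 0; i < ITERS; i++) {
        uint32_t v = tcp_notsent_lowat_fixed(&tp);
        if (v != VAL_A && v != VAL_B)
            bogus++;
    }
    pthread_join(th, NULL);
    return bogus;
}

int main(void)
{
    struct net net = { .ipv4.sysctl_tcp_notsent_lowat = 65536 };
    struct tcp_sock tp = { .net = &net, .notsent_lowat = 0,
                           .write_seq = 1000, .snd_nxt = 0 };

    printf("sysctl only:     lowat=%u writable=%d (racy reader sees %u)\n",
           tcp_notsent_lowat_fixed(&tp), tcp_stream_memory_free_model(&tp),
           tcp_notsent_lowat_racy(&tp));
    tp.notsent_lowat = 512;   /* setsockopt(TCP_NOTSENT_LOWAT) overrides the sysctl */
    printf("socket override: lowat=%u writable=%d\n",
           tcp_notsent_lowat_fixed(&tp), tcp_stream_memory_free_model(&tp));
    printf("bogus reads under concurrent sysctl writes: %lu\n", count_bogus_reads());
    return 0;
}
```

Build with cc -O2 -pthread. On a strongly ordered target with an aligned 32-bit field the racy reader will usually also return a sane value, which is exactly why this class of bug is found by KCSAN rather than by testing: the defect is the freedom the unannotated load gives the compiler, not a failure you can provoke on demand, and READ_ONCE() removes that freedom without adding a lock to the data path.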
Source: This report was generated using AI