CVE-2022-49600: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49600 is a data race vulnerability discovered in the Linux kernel's IP networking subsystem. The issue specifically affects the sysctlipautobind_reuse functionality, where concurrent access to this variable could lead to race conditions. The vulnerability was disclosed in February 2025 and affects various versions of the Linux kernel (NVD).

The vulnerability stems from improper synchronization when reading the sysctlipautobindreuse variable, which could be modified concurrently. The issue was identified in the inetconnection_sock.c file and received a CVSS v3.1 Base Score of 4.7 (Medium) with vector string CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H. The vulnerability is classified as CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition) (NVD).

The vulnerability could potentially lead to availability issues in the Linux kernel's networking stack. While there is no direct impact on confidentiality or integrity, the race condition could affect system stability and network operations (NVD).

The vulnerability has been fixed by adding READONCE() to the reader of sysctlipautobindreuse. The fix has been implemented across multiple Linux kernel versions, including 5.10.234-1 for Debian bullseye and 6.1.128-1 for Debian bookworm (Debian, Kernel Patch).