CVE-2022-49629: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49629 is a race condition vulnerability discovered in the Linux kernel's nexthop functionality. The vulnerability specifically affects the nexthopcompatmode feature, where concurrent access to this mode could lead to data races. The issue was identified in Linux kernel versions from 5.8 through 5.10.132, as well as various release candidates of version 5.19 (NVD).

The vulnerability stems from improper synchronization when reading the nexthopcompatmode variable, which could be modified concurrently. The issue was classified as CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition). The vulnerability received a CVSS v3.1 base score of 4.7 (Medium), with a vector string of CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating local access requirements and potential high impact on availability (NVD).

The vulnerability could potentially affect system availability due to race conditions in the nexthop functionality of the Linux kernel. The CVSS scoring indicates that while there is no impact on confidentiality or integrity, there could be a high impact on system availability (NVD).

The vulnerability was fixed by adding READONCE() to the readers of nexthopcompatmode to prevent data races. The fix was implemented through multiple kernel patches that modified the affected files: net/ipv4/fibsemantics.c, net/ipv4/nexthop.c, and net/ipv6/route.c (Kernel Patch).