CVE-2022-49918: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability in the Linux kernel's IPVS (IP Virtual Server) module was identified as CVE-2022-49918. The issue occurs during the initialization of ipvsconnnetinit(), where if the files ipvsconn or ipvsconn_sync fail to be created, the initialization incorrectly proceeds as successful by default. This vulnerability was publicly disclosed on May 1, 2025 (NVD, Wiz).

The vulnerability manifests in the initialization process of ipvsconnnetinit() function in the Linux kernel's IPVS module. When the files ipvsconn or ipvsconnsync fail to be created, the system does not properly handle the failure case, leading to a WARNING in _ipvscleanupbatch(). The issue can be identified in the stack trace at fs/proc/generic.c:712 removeproc_entry+0x389/0x460. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 with attack vector being Local (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) (Red Hat).

The vulnerability primarily results in system warnings during cleanup operations, specifically in the _ipvscleanupbatch() function. While the immediate impact appears to be limited to system warnings, it could potentially lead to system instability or resource management issues in the IPVS module (Wiz).

Red Hat has marked this vulnerability as 'Fix deferred' for Red Hat Enterprise Linux 9 and kernel-rt packages. Users are advised to monitor vendor notifications for patch availability and apply updates when available (Red Hat).