Security readout for executives and security teams
Plain-English summary
This is a Linux kernel MPTCP bug during connection close. The public record shows a kernel warning caused by sleeping in an invalid atomic context. Business impact is unclear because no CVSS, CWE, or concrete exploit impact is provided. Treat it as a kernel stability issue until your Linux vendor clarifies severity.
Executive priority
Schedule remediation through normal kernel patch cycles unless your environment relies on MPTCP or operates high-risk multi-tenant Linux infrastructure. Escalate if your vendor rates it higher or confirms service-impacting behavior.
Technical view
CVE-2022-49018 fixes an MPTCP close-time locking issue in the Linux kernel. The description shows a BUG splat in net/mptcp/protocol.c when mptcp_close is called under the fast socket lock variant. The fix replaces that path with sock_lock_nested. Public metadata lists Linux kernel versions including 6.0, 6.0.12, and 6.1 as affected, but distro mappings require vendor confirmation.
Likely exposure
Likely limited to systems running affected Linux kernels with Multipath TCP present and reachable through relevant workloads. Containers inherit host-kernel exposure. Exact exposure depends on distribution backports, kernel configuration, and whether MPTCP is enabled or used.
Exploitation context
The source describes a packetdrill-triggered kernel BUG at socket close time. There is no KEV listing and no cited source stating active exploitation. Public sources do not provide exploitability details, privilege requirements, or a confirmed denial-of-service impact.
Researcher notes
Evidence is official but sparse. The CVE record identifies the root cause and fix commits, but provides no CVSS, CWE, exploit status, or complete version-range clarity. Validate affectedness through upstream stable commits and your distribution’s backport history.
Mitigation direction
Check your Linux distribution advisory for fixed kernel packages.
Update affected kernels to versions containing the referenced stable fixes.
Prioritize hosts using MPTCP or running multi-tenant network workloads.
If MPTCP is unnecessary, review vendor guidance on reducing exposure.
Validation and detection
Inventory Linux kernel versions across servers and appliances.
Compare installed kernels with distribution advisories for CVE-2022-49018.
Check kernel changelogs for the referenced stable commit fixes.
Confirm whether MPTCP is enabled or used on exposed systems.
Monitor kernel logs for MPTCP close-time BUG warnings.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2022-49018 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.