CVE-2022-49629: nexthop: Fix data-races around nexthop_compat_mode.
In the Linux kernel, the following vulnerability has been resolved:
nexthop: Fix data-races around nexthop_compat_mode.
While reading nexthop_compat_mode, it can be changed concurrently.
Thus, we need to add READ_ONCE() to its readers.
Security readout for executives and security teams
Plain-English summary
CVE-2022-49629 is a Linux kernel race condition in nexthop handling. A local low-privileged user may be able to trigger an availability impact, but the CVSS data shows high attack complexity and no confidentiality or integrity impact.
Executive priority
Treat as routine kernel patching with moderate urgency. It is not supported as remotely exploitable or actively exploited by the supplied evidence, but availability impact on shared Linux systems justifies timely remediation.
Technical view
The issue is a CWE-362 data race around reads of nexthop_compat_mode while it can change concurrently. The kernel fix adds READ_ONCE() to readers. CVSS 3.1 is 4.7: local, high complexity, low privileges, no user interaction, availability high.
Likely exposure
Exposure is mainly Linux systems running affected kernel builds identified by the CVE source bundle. The impact requires local access with low privileges, so internet-facing remote exposure is not indicated by the provided sources.
Exploitation context
The source bundle does not show CISA KEV listing or active exploitation evidence. The scoring indicates local exploitation conditions, high complexity, and an availability-only impact. No public exploit details are provided in the supplied sources.
Researcher notes
The public record is sparse. The key technical evidence is the kernel commit message describing concurrent reads of nexthop_compat_mode and the READ_ONCE() fix. Validate exposure through exact kernel source or vendor backport status rather than version strings alone.
Mitigation direction
Check Linux distribution advisories for kernels containing the listed stable fixes.
Update affected systems through normal vendor kernel packages.
Prioritize shared, multi-user, and container-host systems with untrusted local users.
If patching is delayed, reduce unnecessary local account and shell access.
Track kernel.org stable commits referenced by the CVE for fix confirmation.
Validation and detection
Inventory Linux kernel versions across servers, workstations, and container hosts.
Compare installed kernels against vendor advisories and the referenced stable commits.
Confirm patched kernels are booted, not only installed.
Review systems with local untrusted users for elevated availability risk.
Document exceptions where vendor guidance is not yet available.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · low confidence lookup
CWE-362: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-362 · source CWE mapping
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.