CVE-2022-49594: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49594 is a vulnerability in the Linux kernel related to a data race condition around sysctltcpmtuprobefloor. The vulnerability was discovered in July 2022 and affects the TCP implementation in the Linux kernel. The issue occurs when reading sysctltcpmtuprobefloor, as it can be changed concurrently, requiring the addition of READ_ONCE() to its reader (Kernel Git).

The vulnerability exists in the TCP MTU probing functionality of the Linux kernel. Specifically, in the tcpmtuprobing function within net/ipv4/tcptimer.c, there was a missing READONCE() operation when reading the sysctltcpmtuprobefloor value. This created a potential data race condition where the value could be modified concurrently during read operations (Debian Tracker).

The data race condition could potentially lead to inconsistent MTU (Maximum Transmission Unit) values being used in TCP connections, which might affect network performance and reliability. However, the actual impact is considered relatively low as it does not lead to system crashes or privilege escalation.

The issue has been fixed by adding READONCE() to the reader of sysctltcpmtuprobe_floor. The fix was implemented in the Linux kernel through commit 8e92d4423615a5257d0d871fc067aa561f597deb and has been backported to various stable kernel versions (Kernel Git).