CVE-2022-49903 in Linuxinfo

Summary

by MITRE • 05/01/2025

In the Linux kernel, the following vulnerability has been resolved:

ipv6: fix WARNING in ip6_route_net_exit_late()

During the initialization of ip6_route_net_init_late(), if file ipv6_route or rt6_stats fails to be created, the initialization is successful by default. Therefore, the ipv6_route or rt6_stats file doesn't be found during the remove in ip6_route_net_exit_late(). It will cause WRNING.

The following is the stack information: name 'rt6_stats' WARNING: CPU: 0 PID: 9 at fs/proc/generic.c:712 remove_proc_entry+0x389/0x460 Modules linked in: Workqueue: netns cleanup_net RIP: 0010:remove_proc_entry+0x389/0x460 PKRU: 55555554 Call Trace: <TASK> ops_exit_list+0xb0/0x170 cleanup_net+0x4ea/0xb00 process_one_work+0x9bf/0x1710 worker_thread+0x665/0x1080 kthread+0x2e4/0x3a0 ret_from_fork+0x1f/0x30 </TASK>

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 03/15/2026

This vulnerability exists in the Linux kernel's IPv6 networking subsystem where improper error handling during the late initialization phase of IPv6 routing components leads to kernel warnings and potential stability issues. The flaw occurs specifically in the ip6_route_net_exit_late() function when attempting to clean up proc entries that were never properly created during the initialization sequence. The issue stems from a logical inconsistency where the system considers initialization successful even when critical proc entries like ipv6_route or rt6_stats fail to be created, yet the cleanup routine expects these entries to exist.

The technical implementation flaw manifests as a race condition or state management issue within the kernel's network namespace cleanup mechanism. During normal operation, when ip6_route_net_init_late() attempts to create proc entries for IPv6 routing statistics, it may fail due to resource constraints, permission issues, or other initialization failures. However, the code path does not properly track whether these entries were successfully created, allowing the initialization to proceed as if successful. When the cleanup function ip6_route_net_exit_late() executes during network namespace destruction, it attempts to remove these proc entries without checking their existence, resulting in the kernel WARNING message.

This vulnerability falls under CWE-252: Unchecked Return Value, specifically manifesting as an improper handling of conditional execution paths in kernel space. The issue directly impacts the kernel's ability to maintain consistent state during network namespace lifecycle management and can potentially lead to more serious stability concerns during high-concurrency network operations. The warning occurs in the procfs generic.c module at line 712 in the remove_proc_entry function, indicating a fundamental mismatch between creation and deletion operations within the kernel's virtual filesystem layer.

The operational impact of this vulnerability is significant for systems running Linux kernels that utilize IPv6 networking with dynamic network namespace management. During high-frequency network namespace creation and destruction cycles, such as those found in containerized environments, virtualization platforms, or network services that frequently spawn isolated network contexts, these warnings can accumulate and potentially mask more serious underlying issues. The warning messages indicate improper resource management that could lead to memory leaks or inconsistent kernel state, particularly when multiple network namespaces are created and destroyed in rapid succession.

Mitigation strategies should focus on implementing proper error checking and state tracking within the IPv6 routing initialization and cleanup functions. The kernel code should be modified to ensure that when proc entries fail to be created during ip6_route_net_init_late(), the system maintains proper state tracking to prevent cleanup attempts on non-existent entries. This aligns with ATT&CK technique T1562.001: Impair Defenses - Disable or Modify Tools, as it addresses a fundamental kernel-level vulnerability that could be exploited to cause system instability. System administrators should ensure they are running patched kernel versions that address this specific issue, particularly in environments where IPv6 networking is actively used alongside dynamic network namespace management. The fix should also include enhanced logging to help identify when and why proc entry creation fails, enabling better troubleshooting of underlying resource constraints or permission issues.

Responsible

Linux

Reservation

05/01/2025

Disclosure

05/01/2025

Moderation

accepted

CPE

ready

EPSS

0.00186

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!