CVE-2022-49918 in Linuxinfo

Summary

by MITRE • 05/01/2025

In the Linux kernel, the following vulnerability has been resolved:

ipvs: fix WARNING in __ip_vs_cleanup_batch()

During the initialization of ip_vs_conn_net_init(), if file ip_vs_conn or ip_vs_conn_sync fails to be created, the initialization is successful by default. Therefore, the ip_vs_conn or ip_vs_conn_sync file doesn't be found during the remove.

The following is the stack information: name 'ip_vs_conn_sync' WARNING: CPU: 3 PID: 9 at fs/proc/generic.c:712 remove_proc_entry+0x389/0x460 Modules linked in: Workqueue: netns cleanup_net RIP: 0010:remove_proc_entry+0x389/0x460 Call Trace: <TASK> __ip_vs_cleanup_batch+0x7d/0x120 ops_exit_list+0x125/0x170 cleanup_net+0x4ea/0xb00 process_one_work+0x9bf/0x1710 worker_thread+0x665/0x1080 kthread+0x2e4/0x3a0 ret_from_fork+0x1f/0x30 </TASK>

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 03/15/2026

The vulnerability described in CVE-2022-49918 resides within the Linux kernel's IP Virtual Server (IPVS) implementation, specifically in the __ip_vs_cleanup_batch() function. This issue manifests as a WARNING during kernel initialization processes, particularly when the ip_vs_conn_net_init() function attempts to create necessary proc entries for connection tracking. The root cause stems from improper error handling during the initialization sequence where the system defaults to successful initialization even when critical files like ip_vs_conn or ip_vs_conn_sync fail to be created. This creates a discrepancy between the expected state of the kernel's networking subsystem and its actual operational state, leading to potential system instability.

The technical flaw occurs in the proc filesystem management within the kernel's networking stack, specifically in the fs/proc/generic.c file at line 712 where remove_proc_entry() is called. When the cleanup process attempts to remove proc entries that were never properly created due to initialization failures, the system generates a WARNING message indicating that the expected file 'ip_vs_conn_sync' cannot be found. The stack trace reveals a complex call chain involving __ip_vs_cleanup_batch(), ops_exit_list(), cleanup_net(), and various workqueue processing functions, indicating that this vulnerability operates within the kernel's network namespace cleanup mechanism. This particular implementation follows CWE-252 weakness pattern, representing an unchecked return value or improper error handling in a critical system component.

The operational impact of this vulnerability extends beyond simple warning messages, as it represents a potential pathway for denial of service conditions within network services that rely on IPVS functionality. When the kernel's networking subsystem fails to properly clean up resources during shutdown or namespace transitions, it can lead to resource leaks, inconsistent system states, and potentially exploitable conditions. The vulnerability affects systems running Linux kernels with IPVS support, particularly those implementing load balancing or virtual server configurations. The improper handling of proc entry creation failures can result in incomplete cleanup operations, which may allow attackers to manipulate the kernel's networking state or cause system instability through repeated initialization and cleanup cycles. This vulnerability aligns with ATT&CK technique T1489, which covers undermining process integrity through kernel-level modifications.

Mitigation strategies for CVE-2022-49918 should focus on implementing proper error handling within the IPVS initialization sequence and ensuring that all proc entries are either successfully created or that cleanup operations appropriately handle missing entries. System administrators should apply the latest kernel patches that address this specific issue, as the vulnerability has been resolved in updated kernel versions. Additionally, monitoring systems should be configured to detect WARNING messages related to proc filesystem operations and IPVS cleanup processes, as these may indicate underlying stability issues. The fix typically involves modifying the ip_vs_conn_net_init() function to properly validate that all required proc entries are created successfully before considering the initialization complete, thereby preventing the scenario where cleanup operations attempt to remove non-existent entries. Organizations should also consider implementing comprehensive kernel hardening measures and regularly updating their systems to prevent exploitation of similar kernel-level vulnerabilities that could lead to privilege escalation or system compromise.

Responsible

Linux

Reservation

05/01/2025

Disclosure

05/01/2025

Moderation

accepted

CPE

ready

EPSS

0.00173

KEV

no

Activities

very low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!