CVE-2022-49972 in Linux
Summary
by MITRE • 06/18/2025
In the Linux kernel, the following vulnerability has been resolved:
xsk: Fix corrupted packets for XDP_SHARED_UMEM
Fix an issue in XDP_SHARED_UMEM mode together with aligned mode where packets are corrupted for the second and any further sockets bound to the same umem. In other words, this does not affect the first socket bound to the umem. The culprit for this bug is that the initialization of the DMA addresses for the pre-populated xsk buffer pool entries was not performed for any socket but the first one bound to the umem. Only the linear array of DMA addresses was populated. Fix this by populating the DMA addresses in the xsk buffer pool for every socket bound to the same umem.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 11/30/2025
The vulnerability CVE-2022-49972 addresses a critical flaw in the Linux kernel's eXpress Data Path implementation specifically affecting XDP_SHARED_UMEM mode operations. This issue manifests when multiple sockets are bound to the same user memory (umem) region, creating a scenario where packet corruption occurs for subsequent sockets beyond the initial connection. The flaw represents a significant security and reliability concern within high-performance networking stacks that rely on shared memory architectures for packet processing.
The technical root cause lies in the improper initialization of Direct Memory Access (DMA) addresses within the XDP buffer pool structure. When the first socket establishes a connection to a shared umem, the DMA address array gets properly populated for that initial socket's buffer pool entries. However, subsequent socket bindings to the same umem fail to initialize these DMA addresses correctly, leaving them in an uninitialized or corrupted state. This creates a condition where packets processed by later sockets contain invalid DMA addresses, resulting in data corruption during packet transmission or reception. The issue specifically affects the XDP_SHARED_UMEM mode, which is designed to allow multiple sockets to share the same memory pool for efficient packet handling, but fails to maintain proper memory state consistency across all socket instances.
The operational impact of this vulnerability extends beyond simple packet corruption to potentially compromise network reliability and application performance in high-throughput environments. Systems utilizing XDP_SHARED_UMEM for packet processing, particularly those implementing high-speed network interfaces or network function virtualization, may experience intermittent packet loss, malformed data transmission, or complete network stack instability. This vulnerability affects the fundamental networking capabilities of Linux systems where shared memory packet processing is employed, potentially impacting data center networks, network security appliances, and high-performance computing environments that depend on efficient packet handling mechanisms.
The fix implemented addresses this by ensuring that DMA address initialization occurs consistently for all socket instances bound to the same umem, rather than being limited to only the first socket. This remediation follows established patterns for shared memory management and aligns with security best practices for maintaining memory consistency in concurrent access scenarios. The solution directly addresses the underlying CWE-119 weakness related to improper access to memory buffers and aligns with ATT&CK technique T1059.001 for system service manipulation through kernel-level vulnerabilities. Organizations should prioritize applying this kernel patch to maintain network stability and prevent potential exploitation of this memory corruption vulnerability in environments utilizing shared XDP memory pools for high-performance packet processing operations.