CVE-2022-20422: 
Alibaba Cloud Linux (Aliyun Linux) vulnerability analysis and mitigation

CVE-2022-20422 is a vulnerability discovered in the Linux kernel's ARM64 instruction emulator, specifically in the emulation_proc_handler function of armv8_deprecated.c. The vulnerability was disclosed in October 2022 and affects Android kernel and various Linux distributions. This race condition vulnerability could potentially lead to memory corruption, allowing local attackers to escalate privileges without requiring additional execution privileges or user interaction (NVD, Ubuntu).

The vulnerability exists as a race condition in the instruction emulator for ARM 64-bit systems. Concurrent changes to the sysctls that control the emulator could result in a null pointer dereference. The vulnerability has been assigned a CVSS v3.1 Base Score of 7.0 (HIGH) with the vector string CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access required, high attack complexity, low privileges required, and no user interaction needed (NVD).

The vulnerability could lead to local escalation of privilege with no additional execution privileges needed. On affected systems, successful exploitation could result in privilege escalation, memory corruption, or system crashes (Ubuntu, Debian).

Multiple Linux distributions have released patches to address this vulnerability. Ubuntu has fixed the issue in various kernel versions including 5.15.0-53.59 for 22.04 LTS, 5.4.0-132.148 for 20.04 LTS, and 4.15.0-197.208 for 18.04 LTS. Debian has addressed the vulnerability in version 5.10.149-2~deb10u1 for Debian 10 (buster) (Ubuntu, Debian).