CVE-2022-2978: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-2978 is a use-after-free vulnerability discovered in the Linux kernel NILFS file system. The flaw was found in the way a user triggers the securityinodealloc function to fail with a subsequent call to nilfsmdtdestroy function. The vulnerability was discovered by Hao Sun and Jiacheng Xu and was publicly disclosed on August 24, 2022 (NVD, Ubuntu).

The vulnerability occurs in the allocinode function where inodeinitalways() could return -ENOMEM if securityinodealloc() fails, causing inode->iprivate to remain uninitialized. This leads to nilfsismetadatafileinode() returning true, causing nilfsfreeinode() to incorrectly call nilfsmdtdestroy(), which then frees the uninitialized inode->i_private. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

A local user could exploit this vulnerability to cause a denial of service (system crash or memory corruption) or potentially escalate their privileges on the system (NVD, Ubuntu).

The vulnerability has been fixed by moving the securityinodealloc function call just prior to thiscpuinc(nr_inodes) in the Linux kernel. Various Linux distributions have released patches, including Ubuntu (versions 22.04 LTS, 20.04 LTS, 18.04 LTS, and 16.04 LTS) and Debian (version 10 buster) (Ubuntu, Debian).