CVE-2022-3105: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-3105 is a vulnerability discovered in the Linux kernel through version 5.16-rc6. The issue specifically affects the uapifinalize function in drivers/infiniband/core/uverbsuapi.c, where it fails to properly check the return value of kmalloc_array(). The vulnerability was discovered by Jiasheng Jiang and was later fixed in kernel version 5.16 (Kernel Commit, NVD).

The vulnerability is classified as a NULL Pointer Dereference (CWE-476) issue. It received a CVSS v3.1 Base Score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The technical root cause stems from the lack of proper validation of kmallocarray() return value in the uapifinalize function, which could lead to dereferencing a NULL pointer if the memory allocation fails (Red Hat Bugzilla).

The vulnerability could lead to a NULL pointer dereference, potentially causing a system crash or denial of service condition. The impact is limited by the local access requirement and the need for privileged access (Red Hat Bugzilla).

The vulnerability was fixed in Linux kernel version 5.16 with the addition of a NULL pointer check for the kmallocarray() return value. The fix was also backported to various distributions including Red Hat Enterprise Linux 8 through security updates RHSA-2022:1988 and RHSA-2022:1975 ([Red Hat Bugzilla](https://bugzilla.redhat.com/showbug.cgi?id=2153067)).