CVE-2022-3586: 
Linux Kernel vulnerability analysis and mitigation

A use-after-free vulnerability (CVE-2022-3586) was discovered in the Linux kernel's networking code, specifically in the sch_sfb enqueue function. The vulnerability was identified on October 19, 2022, affecting the way the socket buffer (SKB) cb field was handled after the SKB had been enqueued and freed into a child qdisc (NVD, Debian).

The vulnerability occurs in the sch_sfb enqueue function where it incorrectly assumes the SKB is still alive after being enqueued into a child qdisc. The issue specifically manifests when using the data in the SKB cb field in the increment_qlen() routine after enqueue. This becomes particularly problematic when sch_cake is used as a child of sfb with GSO splitting mode enabled, leading to the original SKB being split into segments and freed (Linux Commit).

This vulnerability allows a local, unprivileged user to crash the system, causing a denial of service. Additionally, it may lead to the disclosure of sensitive information from the kernel (Ubuntu, Debian LTS).

The issue has been fixed by copying the sfb cb data to the stack before enqueueing the SKB, and using this stack copy in increment_qlen() instead of the SKB pointer itself. The fix was implemented in the Linux kernel through commit 9efd23297cca (Linux Commit). Various Linux distributions have released patches, including Ubuntu and Debian, which have provided security updates for affected versions (Debian LTS).