CVE-2022-36879: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-36879 was discovered in the Linux kernel through 5.18.14, specifically in the xfrm_expand_policies function within net/xfrm/xfrm_policy.c. The vulnerability was disclosed on July 27, 2022, affecting the Linux kernel's IP framework for transforming packets (XFRM subsystem) (Debian Security, CVE Mitre).

The vulnerability stems from a reference counting error in the XFRM subsystem where xfrm_expand_policies can cause a refcount to be dropped twice. The issue occurs when xfrm_policy_lookup() calls xfrm_pol_hold_rcu() to get a refcount of pols[0], which can be dropped in xfrm_expand_policies() when it returns an error. Additionally, xfrm_bundle_lookup() also calls xfrm_pols_put() with num_pols == 1 to drop this refcount when xfrm_expand_policies() returns an error (Kernel Commit). The vulnerability has been assigned a CVSS score of 5.5 (Medium) (NetApp Security).

When successfully exploited, this vulnerability could lead to a denial of service (DoS) condition in the affected system. The reference counting error could potentially cause system instability or crashes (Ubuntu Security).

The vulnerability has been fixed in multiple Linux distributions through security updates. For Debian 10 (buster), the fix was included in version 4.19.260-1 and 5.10.136-1~deb10u3. Ubuntu has released fixes for various versions including 5.15.0-50.56 for 22.04 LTS and 5.4.0-128.144 for 20.04 LTS (Debian LTS, Ubuntu Security).