CVE-2022-40307: 
Linux Kernel vulnerability analysis and mitigation

A race condition vulnerability (CVE-2022-40307) was discovered in the Linux kernel through version 5.19.8, specifically in the drivers/firmware/efi/capsule-loader.c file. The vulnerability was discovered on September 9, 2022, affecting the EFI capsule loader driver implementation (NVD, Ubuntu).

The vulnerability stems from a race condition in the EFI capsule loader driver that can lead to a use-after-free condition. The issue occurs between the efi_capsule_write() and efi_capsule_flush() functions of efi_capsule_fops, which can be triggered if a user calls close() on another thread during a write() operation on the device node of the EFI capsule. The fix involved modifying the page freeing process to be done in efi_capsule_release() instead of efi_capsule_flush() (Linux Commit).

A local user with access to the /dev/efi_capsule_loader device could exploit this vulnerability to cause a denial of service (system crash or memory corruption) or potentially execute arbitrary code with elevated privileges. However, the security impact is somewhat limited as the device is normally only accessible by the root user (Debian LTS).

The vulnerability has been fixed in various Linux distributions through security updates. For example, Ubuntu has released fixes for multiple versions including 22.10 (5.19.0-28.29), 22.04 LTS (5.15.0-57.63), 20.04 LTS (5.4.0-136.153), and 18.04 LTS (4.15.0-201.212). Debian has also addressed this in version 5.10.149-1 for the stable distribution (bullseye) (Debian Security).