CVE-2022-41858: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability (CVE-2022-41858) was discovered in the Linux kernel's SLIP driver, where a NULL pointer dereference could occur during the driver detachment process in sltxtimeout within drivers/net/slip/slip.c. The vulnerability was discovered by Duoming Zhou and affects Linux kernel versions prior to 5.18 (Ubuntu Security, MITRE).

The vulnerability stems from a race condition in the SLIP driver where a NULL pointer dereference may occur when sltxtimeout is called while the driver is being detached. The issue arises because although slipclose() and sltxtimeout() use sl->lock for synchronization, there was no check whether sl->tty equals NULL in sltx_timeout(). The vulnerability has been assigned a CVSS score of 7.1 (High) with the vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H (NetApp Security).

When successfully exploited, this vulnerability could allow an attacker to crash the system or leak internal kernel information. The impact includes potential denial of service (DoS) and disclosure of sensitive information (MITRE, NetApp Security).

A fix has been implemented by adding a check in sltxtimeout() to verify if sl->tty equals NULL, in which case sltxtimeout() will exit. The patch has been committed to the Linux kernel repository (Linux Kernel Commit).