CVE-2022-47946: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-47946 is a use-after-free vulnerability discovered in the Linux kernel 5.10.x versions before 5.10.155, specifically in the iosqpollwaitsq function within fs/iouring.c. The vulnerability was discovered by Xingyuan Mo and Gengjia Chen of IceSword Lab, Qihoo 360 Technology Co. Ltd., and was disclosed in December 2022 (OSS Security).

The vulnerability occurs in the iosqpollwaitsq function where a waitqueueentry object on the stack named 'wait' is added to wait queue ctx->sqosqwait. If ctx->sqodead is non-zero, the control flow jumps to 'out', skipping the call to finishwait(), leaving the 'wait' object in ctx->sqosq_wait. This results in stale pointers to expired kernel stack space, leading to memory corruption when entries are unlinked. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

When exploited, this vulnerability allows an attacker to crash the kernel, resulting in a denial of service condition. The impact is particularly significant as it affects the kernel's I/O operations and can be triggered through normal system operations (OSS Security).

The vulnerability was patched in Linux kernel version 5.10.155. The fix involves modifying the error handling in iosqpollwaitsq() to ensure that finishwait() is always called by changing the goto statement to a break condition after setting the error value. This ensures proper removal from the sqosqwait waitqueue (Kernel Patch).