
Cloud Vulnerability DB
A community-led vulnerabilities database
A vulnerability was discovered in drivers/input/input.c in the Linux kernel before version 5.17.10, identified as CVE-2022-48619. The issue relates to the input_set_capability function's improper handling of event codes that fall outside of a bitmap, which could lead to a system panic. The vulnerability was disclosed and patched in January 2024 (NVD, Ubuntu).
The vulnerability exists in the input subsystem's input_set_capability function where it fails to properly validate event codes against bitmap boundaries. When an event code falls outside of the allocated bitmap for a given event type, the system can enter an undefined state leading to a kernel panic. The issue has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) (Oracle VM).
The primary impact of this vulnerability is a denial-of-service condition through system panic. Successful exploitation would cause the affected system to crash, requiring a restart to restore normal operation (NVD).
The vulnerability has been fixed in Linux kernel version 5.17.10 and later. The patch adds proper bounds checking to the input_set_capability function to prevent kernel panics when event codes exceed the bitmap boundaries. Various Linux distributions have released updates to address this vulnerability, including Ubuntu, which has provided fixes for multiple supported versions (Ubuntu).
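The bounds check described above, as an added userspace model in C (not the kernel's code or the upstream patch). The struct, the function names and the choice to reject unmodelled event types are assumptions for illustration; the event-type and maximum-code constants mirror the values in linux/input-event-codes.h.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>

/* Constructed userspace model. Values mirror linux/input-event-codes.h. */
#define EV_KEY 0x01
#define EV_REL 0x02
#define EV_ABS 0x03
#define EV_CNT 0x20
#define KEY_MAX 0x2ff
#define REL_MAX 0x0f
#define ABS_MAX 0x3f
#define LONG_BITS (sizeof(unsigned long) * CHAR_BIT)
#define LONGS_FOR(n) (((n) + LONG_BITS - 1) / LONG_BITS)

/* Hypothetical stand-in for a device's per-type capability bitmaps. */
struct model_dev {
    unsigned long keybit[LONGS_FOR(KEY_MAX + 1)];
    unsigned long relbit[LONGS_FOR(REL_MAX + 1)];
    unsigned long absbit[LONGS_FOR(ABS_MAX + 1)];
};

/* Highest valid code per event type; 0 marks a type this model omits. */
static const unsigned int max_code[EV_CNT] = {
    [EV_KEY] = KEY_MAX, [EV_REL] = REL_MAX, [EV_ABS] = ABS_MAX,
};

/* Return the bitmap for (type, code), or NULL when the code is out of range. */
static unsigned long *checked_bitmap(struct model_dev *d, unsigned int type, unsigned int code)
{
    if (type >= EV_CNT || max_code[type] == 0 || code > max_code[type])
        return NULL;
    return type == EV_KEY ? d->keybit : type == EV_REL ? d->relbit : d->absbit;
}

/* Set the capability bit; false means the request was rejected, nothing written. */
bool set_capability_checked(struct model_dev *d, unsigned int type, unsigned int code)
{
    unsigned long *bits = checked_bitmap(d, type, code);
    if (!bits)
        return false;
    bits[code / LONG_BITS] |= 1UL << (code % LONG_BITS);
    return true;
}

bool has_capability(struct model_dev *d, unsigned int type, unsigned int code)
{
    unsigned long *bits = checked_bitmap(d, type, code);
    return bits && ((bits[code / LONG_BITS] >> (code % LONG_BITS)) & 1UL);
}
```

The check is done per event type because each type has its own bitmap size: a code that is valid for EV_KEY can lie past the end of the EV_REL or EV_ABS bitmap.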
Source: This report was generated using AI