CVE-2022-48638: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-48638 is a vulnerability in the Linux kernel's cgroup subsystem, specifically in the cgroupgetfrom_id() function. The vulnerability was discovered when it was found that the function failed to properly verify if the looked-up kernfs node (kn) is a directory. This vulnerability was first reported by Marco Patalano and affects Linux kernel versions from 5.14 onwards (Kernel Git).

The vulnerability exists in the cgroupgetfromid() function where it fails to verify if the looked-up kernfs node is a directory. The cgroup has to be one kernfs directory; otherwise, a kernel panic can be triggered, especially when the cgroup ID is provided from userspace. The issue was fixed by adding a check 'kernfstype(kn) != KERNFS_DIR' before accessing the node. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.3 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L (CISA ADP).

When exploited, this vulnerability can cause a kernel panic, leading to system crashes and potential denial of service conditions. The impact is particularly significant when the cgroup ID is provided from userspace, as it could allow local users to trigger system instability (Red Hat).

The vulnerability has been fixed in various Linux kernel versions through patches that add proper directory type checking. Multiple Linux distributions have released updates to address this issue, including Ubuntu which has fixed it in version 5.15.0-57.63 for 22.04 LTS, and Red Hat Enterprise Linux which has addressed it in kernel version 4.18.0-372.124.1 (Ubuntu Security, Red Hat).