CVE-2022-48734: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-48734 affects the Linux kernel's BTRFS filesystem implementation. The vulnerability involves a deadlock condition between quota disable and qgroup rescan worker operations. This issue was discovered in the Linux kernel and was fixed in various versions including 5.4.178, 5.10.99, 5.15.22, and 5.16.8 (NVD).

The vulnerability occurs when the quota disable ioctl starts a transaction before waiting for the qgroup rescan worker to complete. This creates a circular dependency among the quota disable ioctl, the qgroup rescan worker, and other tasks with transactions such as block group relocation. The deadlock occurs in a specific sequence: 1) Task A calls ioctl to disable quota and starts a transaction, 2) Task B starts and joins the transaction that Task A started, 3) Task C (qgroup rescan worker) starts a transaction and waits for completion of Task A's transaction (Kernel Patch). The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 MEDIUM (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) (NVD).

The vulnerability can result in a system deadlock, causing affected processes to become unresponsive. This was particularly observed with fstests test case btrfs/115 on a zoned nullblk device, and when running quota enable and disable operations in parallel with the 'btrfs balance' command on regular nullblk devices (Kernel Patch).

The fix involves modifying the quota disable operation to wait for the qgroup rescan worker to complete before starting the transaction. The BTRFSFSQUOTAENABLE flag is cleared before the wait and transaction to request worker completion. Additionally, a check for the BTRFSFSQUOTAENABLE flag was added in qgrouprescaninit to prevent another qgroup rescan worker from starting after the previous worker completed (Kernel Patch).