CVE-2022-48740: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-48740 is a vulnerability in the Linux kernel affecting SELinux functionality. The issue was discovered in the error handling paths of condreadlist() and duplicatepolicydbcondlist() functions, where condlist_destroy() gets called a second time in caller functions. This vulnerability affects Linux kernel versions up to 5.10.99, from 5.11 to 5.15.22, and from 5.16 to 5.16.8 (NVD).

The vulnerability is classified as a Double Free (CWE-415) issue in the SELinux subsystem of the Linux kernel. The problem occurs when condlistdestroy() is called multiple times on error paths, resulting in a NULL pointer dereference. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability could lead to a NULL pointer dereference in the Linux kernel's SELinux subsystem, potentially causing system crashes or denial of service conditions. Given the CVSS score and vector, the vulnerability could potentially be exploited to achieve high impacts on confidentiality, integrity, and availability of the affected system (NVD).

The vulnerability has been fixed by resetting the condlistlen to 0 in condlistdestroy() and consistently resetting the cond_list pointer to NULL after freeing, making subsequent calls a noop. The fix has been implemented through patches in the Linux kernel (Kernel Patch).