CVE-2022-48751: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-48751 is a vulnerability in the Linux kernel's SMC (Shared Memory Communication) networking component, discovered in June 2024. The issue affects Linux kernel versions from 4.19.299 up to (excluding) 4.20, from 5.1 up to (excluding) 5.15.19, from 5.16 up to (excluding) 5.16.5, and version 5.17-rc1. The vulnerability is caused by accessing smc->clcsock after clcsock was released, leading to a NULL pointer dereference (NVD).

The vulnerability manifests as a NULL pointer dereference in the smc_setsockopt() function. When accessing smc->clcsock after it has been released, it triggers a kernel crash with a supervisor read access in kernel mode. The issue has been assigned a CVSS v3.1 Base Score of 4.7 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating local access required with high attack complexity (NVD).

The vulnerability can result in a kernel NULL pointer dereference, which leads to a system crash and denial of service. This affects system stability and availability, particularly when the SMC networking functionality is in use (NVD).

The issue has been patched by implementing a fix that holds clcsockreleaselock and checks whether clcsock has already been released before access. The patch also includes additional checks in smcgetsockopt() and smcswitchtofallback() functions to prevent similar crashes. The fix has been implemented in the kernel patches (Kernel Patch).