CVE-2022-48790: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-48790 is a use-after-free vulnerability discovered in the Linux kernel's NVMe driver. The vulnerability was disclosed on July 16, 2024, and affects the NVMe controller reset functionality during load operations. This security issue impacts multiple versions of the Linux kernel, including versions up to 4.19.231, 5.4.181, 5.10.102, 5.15.25, and 5.16.11 (NVD).

The vulnerability occurs in the NVMe driver's async event handling mechanism. Unlike .queuerq, the .submitasync_event drivers may not check the controller readiness for AER (Asynchronous Event Request) submission. The issue manifests as a race condition during controller reset operations. The vulnerability has been assigned a CVSS v3.1 base score of 7.0 (HIGH) with the vector string CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access requirements but high potential impact (NVD).

The vulnerability can lead to a use-after-free condition, which was specifically observed with nvme-tcp. This type of vulnerability can potentially result in system crashes, memory corruption, or arbitrary code execution with kernel privileges (NVD).

The vulnerability has been patched by adding a controller state check to validate that the controller is actually able to accept the AER submission. The fix ensures that the driver during teardown changes the controller state to RESETTING and flushes asynceventwork, preventing any other AER command from being submitted when the controller is in RESETTING state (Kernel Patch).