CVE-2022-48792: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-48792 is a use-after-free vulnerability in the Linux kernel's SCSI subsystem, specifically in the pm8001 driver. The vulnerability was discovered in the handling of aborted SSP/STP sas_task operations. The issue affects Linux kernel versions up to (excluding) 5.10.102, versions from 5.11 up to (excluding) 5.15.25, and versions from 5.16 up to (excluding) 5.16.11 (NVD).

The vulnerability occurs when a sastask is aborted by the upper layer before handling I/O completion in mpisspcompletion() or mpisatacompletion() functions. The issue arises from incorrect ordering of operations: first calling complete() to inform the upper layer handler of I/O completion, followed by releasing driver resources in pm8001ccbtaskfree(). When complete() is called, the upper layer may free the sastask, leading to a use-after-free condition when pm8001ccbtaskfree() attempts to access it afterward. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD, Kernel Patch).

This vulnerability could allow an attacker with local access to cause a use-after-free condition, potentially leading to privilege escalation, information disclosure, or system crashes. The high CVSS score indicates serious potential consequences affecting the confidentiality, integrity, and availability of the system (NVD).

The vulnerability has been fixed by swapping the ordering of complete() and pm8001ccbtask_free() calls. Users should upgrade to Linux kernel versions 5.10.102, 5.15.25, 5.16.11 or later which contain the fix. The patch has been backported to multiple stable kernel branches (Kernel Patch).