CVE-2022-48796: 
Linux Kernel vulnerability analysis and mitigation

A use-after-free vulnerability was discovered in the Linux kernel's IOMMU subsystem (CVE-2022-48796). The issue occurs when a device probe fails while freeing dev->iommu in the deviommufree function, and a deferredprobeworkfunc runs in parallel attempting to access dev->iommu->fwspec in the ofiommu_configure path (Kernel Patch).

The vulnerability is caused by a race condition in the IOMMU device probing code. When a device probe fails, the code attempts to free the dev->iommu structure, but before the memory is fully freed, a parallel deferred probe work function tries to access the same memory region through dev->iommu->fwspec. This results in a use-after-free condition that was detected by the Kernel Address Sanitizer (KASAN). The CVSS v3.1 base score for this vulnerability is 7.8 HIGH (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) (NVD).

The vulnerability affects Linux kernel versions from 5.7 through 5.10.101, 5.11 through 5.15.24, 5.16 through 5.16.10, and 5.17-rc1 to 5.17-rc2. If exploited, this use-after-free vulnerability could potentially lead to privilege escalation, information disclosure, or system crashes (NVD).

The vulnerability has been fixed by modifying the deviommufree function to set dev->iommu to NULL before freeing the dev_iommu structure, preventing the race condition. The fix has been incorporated into various Linux kernel versions through security updates. Users should update their kernel to a patched version (Red Hat).