CVE-2022-48802: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-48802 affects the Linux kernel's fs/proc/taskmmu.c component. The vulnerability was discovered when a race condition occurred while reading /proc/$PID/smaps during MADVFREE operations. The issue was reported by syzbot and involves incorrect handling of mapcount for migration entries (Kernel Git).

The vulnerability occurs in a race condition scenario between smaps walk and MADVFREE operations. When MADVFREE is called for partial THP (Transparent Huge Pages), it may split THPs, leading to a situation where PageDoubleMap() is called on a page that is no longer a tail page of THP. The race condition sequence is: CPU A performs smaps walk with pagemapcount(), while CPU B executes MADVFREE involving PageCompound(), splithugepage(), and page = compound_head(page) operations, followed by PageDoubleMap(page) (Kernel Git).

The vulnerability results in a kernel BUG being triggered at include/linux/page-flags.h:785, causing an invalid opcode: 0000 error. This can lead to system instability and potential denial of service conditions (NVD).

The fix involves adding a new parameter for smapsaccount() to indicate migration entries and skip calling pagemapcount() for these entries. The solution avoids elevating the refcount of the page before calling mapcount, as this would prevent counting migration entries. The fix also addresses similar issues in pagemap functionality (Kernel Git).