CVE-2022-48822: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-48822 is a use-after-free vulnerability in the Linux kernel's USB Function File System (ffs) component. The vulnerability occurs when ffsfuncepsdisable is called from ffsfuncdisable during a composition switch while ffsepfilerelease is simultaneously called from userspace. This race condition can lead to accessing already freed memory (NVD).

The vulnerability stems from a race condition between two operations: when ffsepfilerelease frees the read buffer and calls ffsdataclosed (which destroys ffs->epfiles and marks it as NULL), while simultaneously ffsfunceps_disable has initialized a local epfile that is now freed but waiting to acquire the spinlock. Once the spinlock is acquired, the driver proceeds with the stale value of epfile and attempts to free an already freed read buffer, resulting in a use-after-free condition. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability affects multiple versions of the Linux kernel from version 4.9 up to versions before 4.14.267, 4.19.230, 5.4.180, 5.10.101, 5.15.24, and 5.16.10. If exploited, this use-after-free vulnerability could potentially lead to privilege escalation, system crashes, or arbitrary code execution in the kernel context (NVD).

The vulnerability has been fixed by modifying the code to take epfiles local copy and assign it under spinlock, and if epfiles(local) is null then update it in ffs->epfiles before finally destroying it. The fix extends protection to ep related structures and concurrent accesses. Multiple patches have been released for different kernel versions (Kernel Patch).