
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2022-48847 is a slab-out-of-bounds vulnerability discovered in the Linux kernel's watch queue filter mechanism. The vulnerability was disclosed on July 16, 2024, affecting the watch_queue_set_filter() function. The issue occurs due to improper validation of filter type values against the type_filter bitmap capacity (Red Hat).
The vulnerability exists in the watch_queue_set_filter() function, where there are inconsistent checks for filter type values. While one check correctly uses 'sizeof(wfilter->type_filter) * 8', another incorrectly uses 'sizeof(wfilter->type_filter) * BITS_PER_LONG'. This inconsistency can lead to out-of-bounds writes in two ways: through __set_bit() on wfilter->type_filter and by writing more elements in wfilter->filters[] than allocated. The vulnerability has been assigned a CVSS v3.1 score of 5.5, with attack vector being Local (L), attack complexity Low (L), and requiring Low (L) privileges (Red Hat).
When exploited, this vulnerability can cause a system crash through an out-of-bounds write. The bug triggers a KASAN (Kernel Address Sanitizer) slab-out-of-bounds error, potentially leading to system instability or denial of service. The impact is primarily limited to local attacks, as it requires local access to the system (Red Hat).
The fix involves replacing the inconsistent size checks with the proper WATCH_TYPE__NR constant, which represents the actual number of known types. The patch modifies both the watch_queue.h and watch_queue.c files to use DECLARE_BITMAP(type_filter, WATCH_TYPE__NR) instead of the previous implementation (Kernel Patch).
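The mismatch between the two bounds, and the effect of the fix, can be seen in a small userspace model. This is an added example, not kernel code or code from the patch; the two-long bitmap, the value 2 for WATCH_TYPE__NR, the helper names and the sample input are assumptions made for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

#define BITS_PER_LONG  (sizeof(unsigned long) * CHAR_BIT)
#define WATCH_TYPE__NR 2   /* assumed value: number of known watch types */

/* Userspace stand-in for the filter object; the two-long bitmap is assumed. */
struct model_filter { unsigned long type_filter[2]; };
#define TYPE_FILTER_BYTES sizeof(((struct model_filter *)0)->type_filter)

/* Bound used by the check that is correct: real capacity of the bitmap in bits. */
static size_t sizing_limit(void) { return TYPE_FILTER_BYTES * 8; }

/* Bound used by the inconsistent check: bytes multiplied by BITS_PER_LONG. */
static size_t buggy_store_limit(void) { return TYPE_FILTER_BYTES * BITS_PER_LONG; }

/* Number of requested filter types a check accepts under a given limit. */
static size_t accepted(const unsigned *types, size_t n, size_t limit)
{
    size_t kept = 0;
    for (size_t i = 0; i < n; i++)
        if (types[i] < limit)
            kept++;
    return kept;
}

/* Entries accepted by the looser check beyond those the stricter one counted. */
static size_t excess(const unsigned *types, size_t n, size_t size_lim, size_t store_lim)
{
    size_t counted = accepted(types, n, size_lim);
    size_t stored = accepted(types, n, store_lim);
    return stored > counted ? stored - counted : 0;
}

int main(void)
{
    const unsigned sample[] = { 0, 1, 200, 5000 };   /* constructed input */
    size_t n = sizeof(sample) / sizeof(sample[0]);

    printf("sizing limit %zu, buggy store limit %zu\n", sizing_limit(), buggy_store_limit());
    printf("before fix: %zu entry(ies) past the allocation\n",
           excess(sample, n, sizing_limit(), buggy_store_limit()));
    printf("after fix:  %zu entry(ies) past the allocation\n",
           excess(sample, n, WATCH_TYPE__NR, WATCH_TYPE__NR));
    return 0;
}
```

With both checks bounded by WATCH_TYPE__NR, every accepted type also fits inside a bitmap declared with that many bits, so neither out-of-bounds write path remains.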
Source: This report was generated using AI