CVE-2022-48857: 
Linux Kernel vulnerability analysis and mitigation

A use-after-free vulnerability was discovered in the Linux kernel's NFC port100 driver, specifically in the port100sendcomplete() function. The vulnerability was caused by missing usbkillurb() calls on the error handling path of the probe function. When probe failure occurs, port100sendcomplete() attempts to access devm allocated memory that has already been freed (Kernel Git).

The vulnerability occurs in drivers/nfc/port100.c where port100sendcomplete() accesses memory after it has been freed during probe failure. The issue stems from the probe function's error handling path not properly killing USB URBs before returning an error. This leads to a use-after-free condition when accessing devm allocated memory that was freed during probe failure. The bug was discovered through KASAN (Kernel Address Sanitizer) which detected a read of size 1 at an invalid address by the ksoftirqd kernel thread (Kernel Git).

This vulnerability could potentially lead to memory corruption in the Linux kernel when using the NFC port100 driver. Since it involves a use-after-free condition in kernel space, it could potentially be exploited to cause system crashes or potentially achieve privilege escalation (Kernel Git).

The issue has been fixed by adding proper usbkillurb() calls before freeing the URBs in the error handling path. The fix involves calling usbkillurb() for both inurb and outurb before their respective usbfreeurb() calls. This ensures that any pending URBs are properly canceled before the associated memory is freed (Kernel Git).