CVE-2022-48946: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-48946 is a vulnerability in the Linux kernel's UDF (Universal Disk Format) filesystem implementation. The issue was discovered in the preallocation discarding functionality at indirect extent boundary. When a preallocation extent is the first one in the extent block, the code would corrupt the extent tree header instead of properly handling it (NVD).

The vulnerability exists in the UDF filesystem code, specifically in the preallocation discarding functionality. The issue occurs when handling extent boundaries, where the code incorrectly manages memory buffers and extent tree headers. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating local access is required and the primary impact is on system availability (NVD, Red Hat).

The vulnerability can lead to corruption of the extent tree header when handling preallocation extents at indirect extent boundaries. This could potentially result in filesystem corruption and system availability issues (NVD).

The vulnerability has been fixed in the Linux kernel through a patch that modifies the UDF filesystem code to properly handle preallocation discarding at indirect extent boundaries. The fix involves using udfdeleteaext() for deleting extents to avoid code duplication and prevent extent tree header corruption (Kernel Patch).