CVE-2022-48955: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-48955 is a memory leak vulnerability in the Linux kernel's Thunderbolt network driver. The issue was discovered in the tbnetopen() function, where memory allocated by tbxdomainallocouthopid() was not properly released when tbringallocrx() failed. This vulnerability was disclosed and fixed in October 2024 (CVE Details).

The vulnerability occurs in the Linux kernel's Thunderbolt network driver implementation. When tbringallocrx() fails in tbnetopen(), the IDA (ID Allocator) that was allocated in tbxdomainallocouthopid() is not released, resulting in a memory leak. The fix involves adding tbxdomainreleaseouthopid() to the error path to properly release the allocated IDA. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Moderate) with the vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (Red Hat CVE).

The vulnerability affects system availability through memory resource exhaustion. According to the CVSS metrics, while there is no impact on confidentiality or integrity, there is a high impact on availability. The local nature of the vulnerability and the requirement for low privileges somewhat limits its potential impact (Red Hat CVE).

The vulnerability has been fixed in various Linux kernel versions. The fix involves adding proper memory cleanup in the error path of tbnet_open(). Debian has released fixes for multiple versions: bullseye (5.10.226-1), bookworm (6.1.128-1), and trixie (6.12.12-1). The fix is also available in the mainline kernel (Debian Tracker).