CVE-2022-48963: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-48963 is a memory leak vulnerability in the Linux kernel's WWAN (Wireless Wide Area Network) IOSM driver. The vulnerability was discovered in the ipcmuxinit() function where memory allocated for ipcmux is not properly released when the allocation of ipcmux->uladb.ppqlt fails. This issue affects Linux kernel versions from 5.18 up to (excluding) 6.0.13, and various 6.1 release candidates (rc1 through rc8) (NVD).

The vulnerability is classified as a CWE-401 (Missing Release of Memory after Effective Lifetime) issue. It has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The technical root cause lies in the ipcmuxinit() function where a memory leak occurs when the allocation of ipcmux->uladb.ppqlt fails, as the previously allocated ipcmux memory is not properly freed (NVD, Kernel Patch).

The vulnerability can lead to memory leaks in the Linux kernel's WWAN IOSM driver, potentially causing system resource exhaustion over time. The CVSS scoring indicates that while there is no impact on confidentiality or integrity, there can be a high impact on system availability (NVD).

The vulnerability has been fixed in the Linux kernel through a patch that adds proper memory cleanup. The fix involves adding a kfree(ipc_mux) call in the error path when allocation fails. Users should update their Linux kernel to a version that includes the fix (Kernel Patch).