CVE-2022-48985: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-48985 is a race condition vulnerability in the Linux kernel's MANA network driver. The vulnerability was discovered in late 2022 and affects Linux kernel versions from 5.15 to 6.0.13. The issue occurs in the net: mana driver where after calling napicompletedone(), the NAPIFSTATESCHED bit may be cleared, allowing another CPU to start a NAPI thread and access the per-CQ variable cq->work_done (Kernel Patch).

The vulnerability stems from a race condition in the MANA network driver's NAPI (New API) implementation. If another thread (for example, from busypoll) sets the workdone value to greater than or equal to the budget after napicompletedone() is called, the original thread will continue to run when it should stop, potentially causing memory corruption and system panic. The vulnerability has been assigned a CVSS v3.1 base score of 4.7 MEDIUM (AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H) (NVD).

The vulnerability can lead to memory corruption and system panic in affected systems. The fail could happen for specific cases during network driver usage, primarily affecting system availability. There are no known confidentiality or integrity impacts (Red Hat).

To mitigate this issue, the recommended approach is to prevent the MANA module from being loaded. System administrators can blacklist the kernel module to prevent it from loading automatically. The permanent fix involves saving the per-CQ workdone variable in a local variable before napicompletedone(), preventing corruption by concurrent threads. Additionally, a flag bit has been added to advertise to the NIC firmware that the NAPI workdone variable race is fixed (Kernel Patch).