
CVE-2022-48988 is a use-after-free vulnerability in the Linux kernel's memory control group (memcg) subsystem. The vulnerability was discovered in the memcg_write_event_control() function, where the dentry->d_name access could race against renames and removals of arbitrary files. The issue was introduced when a file type check was inadvertently dropped in commit 347c4a874710 ("memcg: remove cgroup_event->cft"). The vulnerability affects Linux kernel versions from 3.14 up to versions before 6.1 (NVD).
The vulnerability occurs in the memcg_write_event_control() function, which accesses the dentry->d_name of the specified control fd to route write calls. While cgroup interface files cannot be renamed and are safe to access when they are regular cgroup files, the removal of the __file_cft() verification check allowed arbitrary files to be processed. This broke invariants around d_name and parent accesses, potentially leading to use-after-free conditions when racing against renames and removals of arbitrary files. The CVSS v3.1 base score is 7.0 HIGH with vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).
If successfully exploited, this vulnerability could allow an attacker to cause use-after-free conditions in the kernel's memory subsystem, potentially leading to privilege escalation, information disclosure, or system crashes. The vulnerability requires local access and high complexity to exploit, but could affect system confidentiality, integrity, and availability (NVD).
The vulnerability has been fixed by resurrecting the file type check in __file_cft(). The fix involves checking the superblock and dentry type instead of file operations, as cgroupfs is now implemented through kernfs. Users should update to patched kernel versions. The fix has been backported to multiple stable kernel versions (Kernel Patch).
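The same two-part validation (which filesystem the descriptor lives on, then what kind of object it is) can be shown from user space. The following is an added illustration, not the kernel patch and not code from this page: fd_is_regular_cgroup_file(), CG1_MAGIC and CG2_MAGIC are hypothetical names, and comparing the statfs magic number is an assumed user-space stand-in for the kernel's superblock check.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/vfs.h>
#include <unistd.h>

/* Filesystem magic numbers as published in <linux/magic.h>. */
#define CG1_MAGIC 0x27e0ebL    /* CGROUP_SUPER_MAGIC  (cgroup v1) */
#define CG2_MAGIC 0x63677270L  /* CGROUP2_SUPER_MAGIC (cgroup v2) */

/*
 * Returns 1 if fd is a regular file on a cgroup filesystem, 0 if it is
 * anything else, and -1 if fd cannot be inspected at all.
 */
int fd_is_regular_cgroup_file(int fd)
{
    struct statfs sfs;
    struct stat st;

    if (fstatfs(fd, &sfs) != 0 || fstat(fd, &st) != 0)
        return -1;

    /* Filesystem ("superblock") check: refuse files from any other fs. */
    if ((long)sfs.f_type != CG1_MAGIC && (long)sfs.f_type != CG2_MAGIC)
        return 0;

    /* Object type check: directories, symlinks and so on are refused. */
    return S_ISREG(st.st_mode) ? 1 : 0;
}

/* Usage: ./check /sys/fs/cgroup/cgroup.procs /etc/hostname ... */
int main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++) {
        int fd = open(argv[i], O_RDONLY);
        if (fd < 0) {
            perror(argv[i]);
            continue;
        }
        printf("%-45s %s\n", argv[i],
               fd_is_regular_cgroup_file(fd) == 1 ? "accept" : "reject");
        close(fd);
    }
    return 0;
}
```

Both checks run on the already-open descriptor rather than on a path, so the object that was validated is the object that is used afterwards.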
Source: This report was generated using AI