CVE-2022-49049: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49049 affects the Linux kernel's memfdsecret functionality. The vulnerability was discovered when attempting to grow an existing memfdsecret with ftruncate, which results in a kernel panic. This issue affects the memory management subsystem (mm/secretmem) in the Linux kernel (Kernel Git).

The vulnerability occurs when growing a memfdsecret file using ftruncate. When attempting to resize, the system calls into simplesetattr and truncateinodepagesrange, eventually trying to zero memory. The normal truncation code uses the direct map (via pageaddress()), but memfdsecret specifically avoids direct mapping (using setdirectmapinvalidnoflush() on every fault). This mismatch causes the pageaddress() to return an invalid address, resulting in a kernel panic when attempting to use memset() (Kernel Git).

When exploited, this vulnerability causes a kernel panic, effectively creating a denial of service condition. The issue occurs specifically when attempting to resize an existing memfd_secret file, disrupting system operations (Kernel Git).

The issue has been patched by implementing a custom setattr for memfdsecret that detects resize attempts on existing files and rejects them with EINVAL. The fix prevents the panic while maintaining security. A more comprehensive solution to support growing memfdsecret files may be developed in the future (Kernel Git).