CVE-2022-49066: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49066 affects the Linux kernel's virtual ethernet (veth) device driver. The vulnerability was discovered when a decapsulated packet is fed to a veth device with actmirred, where skbheadlen() may be 0. This condition occurs because vethxmit() calls _devforwardskb(), which expects at least ETHHLEN byte of linear data, as _devforwardskb2() calls ethtypetrans() that unconditionally pulls ETH_HLEN bytes (Kernel Commit).

The vulnerability stems from a mismatch between data handling requirements in the veth driver's packet transmission path. When ethtypetrans() is called within _devforwardskb2(), it attempts to pull ETHHLEN bytes unconditionally, but in cases where skbheadlen() is 0, this operation fails, triggering a kernel BUG at include/linux/skbuff.h:2328. The issue manifests in the call trace through vethxmit() and ultimately leads to a kernel panic (Kernel Commit).

When triggered, this vulnerability causes a kernel panic, leading to system instability and potential denial of service. The issue occurs in the networking stack's core functionality, specifically affecting systems using virtual ethernet interfaces with certain packet processing configurations (Kernel Commit).

The issue has been fixed by adding a check using pskbmaypull() to ensure vethxmit() respects the ETHHLEN constraint. The fix was implemented in the Linux kernel through commit 726e2c5929de841fdcef4e2bf995680688ae1b87, which modifies the veth driver to properly handle the packet buffer requirements (Kernel Commit).