CVE-2022-49078: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49078 is a vulnerability in the Linux kernel's LZ4 decompression implementation. The issue specifically affects the LZ4_decompress_safe_partial function, which can lead to a read out of bounds condition when handling partial decoding of compressed data. This vulnerability was discovered and reported through KASAN (Kernel Address Sanitizer) (NVD).

The vulnerability occurs in the LZ4_decompress_safe_partial function within the Linux kernel's LZ4 implementation. When performing partial decoding, the function fails to properly handle end-of-file (EOF) conditions, specifically when either the output buffer is filled or when it cannot proceed with reading an offset for the following match. In extreme corner cases with corrupted compressed data, this can lead to a Use-After-Free (UAF) condition. The issue has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability can lead to read out of bounds and Use-After-Free conditions when processing corrupted compressed data, potentially allowing an attacker to cause system instability or potentially execute arbitrary code with kernel privileges (Kernel Commit).

The vulnerability has been fixed in the Linux kernel through a patch that properly handles EOF conditions in the LZ4_decompress_safe_partial function. The fix involves checking if the input pointer has reached a position where it cannot proceed with reading an offset for the following match (Kernel Commit).