CVE-2022-49094
Linux Kernel vulnerability analysis and mitigation

Overview

CVE-2022-49094 is a slab-out-of-bounds vulnerability discovered in the Linux kernel's TLS implementation. The issue specifically affects the decrypt_internal function in the net/tls subsystem. The vulnerability was identified when using the AES128-CCM cipher, where a memory size mismatch occurs between tls_ctx->rx.iv (12 bytes) and the crypto_aead_ivsize() return value (16 bytes) (Kernel Commit).

Technical details

The vulnerability stems from a memory handling issue in the decrypt_internal function where memcpy() attempts to copy 16 bytes from a 12-byte memory space. This occurs because the memory size of tls_ctx->rx.iv for AES128-CCM is set to 12 bytes in tls_set_sw_offload(), while the return value of crypto_aead_ivsize() for 'ccm(aes)' is 16 bytes. The issue was introduced with the addition of AES128-CCM cipher support (Kernel Commit).

Impact

When triggered, this vulnerability results in a slab-out-of-bounds read operation, which can potentially lead to memory corruption or system crashes. The issue is particularly concerning as it affects the TLS implementation in the Linux kernel, which is critical for secure communications (Kernel Commit).

Mitigation and workarounds

The issue has been fixed by replacing crypto_aead_ivsize() with prot->iv_size + prot->salt_size when performing memcpy() operations for iv values in TLS_1_3_VERSION scenarios. This fix ensures proper memory boundary handling for AES128-CCM operations (Kernel Commit).
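
The size mismatch described under Technical details and the effect of the fix, modelled in userspace C as an added example (not the kernel's code). The struct, the helper names and the 4-byte salt / 8-byte IV split are assumptions for illustration; the page states only the 12-byte and 16-byte totals.

```c
/* Userspace model of the IV copy in decrypt_internal(); not kernel code. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CCM_SALT_SIZE   4   /* assumed AES-128-CCM salt length */
#define CCM_IV_SIZE     8   /* assumed AES-128-CCM per-record IV length */
#define CCM_AEAD_IVSIZE 16  /* value crypto_aead_ivsize() reports for "ccm(aes)" */

struct prot_info { size_t iv_size; size_t salt_size; };  /* hypothetical stand-in for prot */

/* Length the pre-fix code copied: the AEAD transform's IV size. */
size_t copy_len_before_fix(void) { return CCM_AEAD_IVSIZE; }

/* Length the fix copies: what tls_set_sw_offload() sized rx.iv to hold. */
size_t copy_len_after_fix(const struct prot_info *p) { return p->iv_size + p->salt_size; }

/* Bytes a copy of len would read beyond a source buffer of src_size. */
size_t overread_bytes(size_t src_size, size_t len) { return len > src_size ? len - src_size : 0; }

/* Bounds-checked copy: refuses rather than reading past the source buffer. */
int checked_iv_copy(unsigned char *dst, size_t dst_size,
                    const unsigned char *src, size_t src_size, size_t len)
{
    if (len > src_size || len > dst_size)
        return -1;
    memcpy(dst, src, len);
    return 0;
}

int main(void)
{
    struct prot_info prot = { CCM_IV_SIZE, CCM_SALT_SIZE };
    unsigned char rx_iv[CCM_SALT_SIZE + CCM_IV_SIZE] = {0};  /* 12-byte rx.iv */
    unsigned char iv[CCM_AEAD_IVSIZE] = {0};                 /* per-request IV buffer */
    size_t before = copy_len_before_fix();
    size_t after = copy_len_after_fix(&prot);

    printf("before fix: copy %zu, over-read %zu\n", before, overread_bytes(sizeof(rx_iv), before));
    printf("after fix:  copy %zu, over-read %zu\n", after, overread_bytes(sizeof(rx_iv), after));
    printf("checked copy: before=%d after=%d\n",
           checked_iv_copy(iv, sizeof(iv), rx_iv, sizeof(rx_iv), before),
           checked_iv_copy(iv, sizeof(iv), rx_iv, sizeof(rx_iv), after));
    return 0;
}
```

The 4-byte over-read in the pre-fix case is the region a KASAN-enabled kernel reports as slab-out-of-bounds.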

This report was generated using AI.