CVE-2022-49204: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49204 affects the Linux kernel's BPF sockmap implementation. The vulnerability was discovered in the tcpbpfsendverdict() function where a message size accounting issue occurs when handling data after tcpbpfsendmsgredir(). The issue results in memory being uncharged twice from sk->skforwardalloc, potentially leading to memory accounting inconsistencies (Kernel Commit).

The vulnerability occurs in the tcpbpfsendverdict() function when a message has more data after tcpbpfsendmsgredir(). Specifically, when msg->sg.size is initially 22220 bytes, after tcpbpfsendmsgredir() it becomes 11000 bytes. The msg->sg.size gets uncharged twice from sk->skforwardalloc - once during the initial skmsgreturn() call and again after the moredata handling (Kernel Commit).

This vulnerability can trigger kernel warnings and potentially lead to memory accounting inconsistencies. The issue manifests through warnings in skstreamkillqueues and inetsock_destruct functions, indicating potential memory management issues that could affect system stability (Kernel Commit).

The issue has been fixed by properly charging the remaining msg->sg.size before goto moredata in the tcpbpfsendverdict() function. The fix involves modifying the skmsgreturn() call to use msg->sg.size instead of tosend, and adding an explicit skmemcharge() call when eval equals _SKREDIRECT (Kernel Commit).