
Cloud Vulnerability DB
A community-led vulnerabilities database
In the Linux kernel, a vulnerability (CVE-2022-49271) was discovered in the CIFS filesystem implementation. The issue occurs when calling smb2_ioctl_query_info() with smb_query_info::flags=PASSTHRU_FSCTL and smb_query_info::output_buffer_length=0, which could lead to a NULL pointer dereference. This vulnerability was discovered in early 2022 and affects the Linux kernel's CIFS implementation (Kernel Git).
The vulnerability stems from improper handling of output buffer lengths in the smb2_ioctl_query_info() function. When memdup_user() is called with a zero output_buffer_length, it returns 0x10 rather than a valid pointer, so the IS_ERR() check does not reject it. This leads to a NULL pointer dereference when the buffer is accessed later in smb2_ioctl_query_ioctl(). Additionally, the code did not reject buffer sizes smaller than 8 bytes when handling SMB2_SET_INFO FileEndOfFileInformation requests with smb_query_info::flags=PASSTHRU_SET_INFO (Kernel Git).
The vulnerability can result in a kernel panic due to NULL pointer dereference, potentially leading to denial of service conditions. When exploited, it causes a general protection fault and system crash, as demonstrated by the proof-of-concept code (Kernel Git).
The vulnerability has been patched in the Linux kernel by validating output buffer lengths before they are used. The fix only calls memdup_user() when output_buffer_length is non-zero, and it requires a buffer of at least 8 bytes for the SMB2_SET_INFO FileEndOfFileInformation case (Kernel Git).
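The following is an added user-space model of the two checks described above; it is not the kernel's code or part of this report. It reproduces the kernel's ZERO_SIZE_PTR/IS_ERR() conventions, uses a hypothetical fake_memdup_user() stand-in, and assumes the fixed path simply refuses a zero output length (the page only says the copy is guarded on a non-zero length).

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Kernel conventions reproduced here: a zero-length allocation returns the
 * ZERO_SIZE_PTR sentinel (16), outside the range IS_ERR() recognises. */
#define ZERO_SIZE_PTR ((void *)16)
#define MAX_ERRNO 4095
#define ERR_PTR(e) ((void *)(intptr_t)(e))
#define IS_ERR(p) ((uintptr_t)(p) >= (uintptr_t)-MAX_ERRNO)
#define ZERO_OR_NULL_PTR(p) ((uintptr_t)(p) <= (uintptr_t)ZERO_SIZE_PTR)

static const unsigned char user_data[64] = {0}; /* constructed "user" memory */
/* Hypothetical user-space stand-in for memdup_user(): len == 0 yields
 * ZERO_SIZE_PTR, just as kmalloc(0) does in the kernel. */
static void *fake_memdup_user(size_t len)
{
    if (len == 0)
        return ZERO_SIZE_PTR;
    if (len > sizeof(user_data))
        return ERR_PTR(-EFAULT);    /* stand-in for an unreadable user range */
    void *p = malloc(len);
    if (!p)
        return ERR_PTR(-ENOMEM);
    memcpy(p, user_data, len);
    return p;
}

/* What the code after the copy would be handed. */
enum outcome { REJECTED, USABLE, ZERO_SIZE_ACCEPTED };
/* patched == false mirrors the unpatched flow, where IS_ERR() is the only
 * guard: a zero output length "succeeds" and ZERO_SIZE_PTR reaches the later
 * code, which faults on dereference. patched == true applies the fix: no copy
 * with a zero length, and at least 8 bytes for FileEndOfFileInformation. */
enum outcome query_info_copy(size_t output_buffer_length, bool set_eof_info, bool patched)
{
    if (patched && (output_buffer_length == 0 ||
                    (set_eof_info && output_buffer_length < 8)))
        return REJECTED;
    void *buf = fake_memdup_user(output_buffer_length);
    if (IS_ERR(buf))
        return REJECTED;            /* the only check the old code made */
    if (ZERO_OR_NULL_PTR(buf))
        return ZERO_SIZE_ACCEPTED;  /* unpatched path: would be dereferenced */
    free(buf);
    return USABLE;
}
```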
Source: This report was generated using AI