
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2022-49341 is a vulnerability in the Linux kernel's BPF (Berkeley Packet Filter) subsystem, specifically affecting the ARM64 architecture. The issue was discovered when syzbot reported an illegal copy_to_user() attempt from bpf_prog_get_info_by_fd(). The vulnerability was exposed by commit 0aef499f3172 ("mm/usercopy: Detect vmalloc overruns"), which revealed a pre-existing bug in the BPF ARM64 implementation (Kernel Git).
The vulnerability occurs when bpf_prog_get_info_by_fd() examines prog->jited_len to determine if the JIT image can be copied to user space. The bug manifests when prog->jited_len is set to a value (in the reported case, 43) while prog->bpf_func has been cleared. This mismatch leads to an illegal copy_to_user() attempt, which triggers a kernel BUG on a NULL pointer dereference (Kernel Git).
When triggered, the vulnerability causes a kernel BUG and system crash, leading to a denial of service condition. The issue manifests as an "Oops" error in the kernel, specifically with a NULL pointer dereference at virtual address 0x0 (Kernel Git).
The issue has been fixed by ensuring that prog->jited_len is cleared along with prog->jited and prog->bpf_func. The fix involves adding a single line of code to clear prog->jited_len when the JIT compilation fails. The patch has been merged into the mainline kernel (Kernel Git).
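The state mismatch and the one-line fix can be reproduced in a simplified userspace model. This is an added example, not kernel code: only the field names jited, jited_len and bpf_func come from the description above, while the struct, the function names and the 43-byte image are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified userspace model; only the three field names come from the page. */
struct prog_model {
    int          jited;      /* is a JIT image present? */
    unsigned int jited_len;  /* length of the JIT image in bytes */
    const void  *bpf_func;   /* start of the JIT image */
};

/* JIT failure path before the fix: jited_len keeps its stale value. */
static void jit_fail_before_fix(struct prog_model *p)
{
    p->bpf_func = NULL;
    p->jited = 0;
}

/* JIT failure path after the fix: the length is cleared with the other two. */
static void jit_fail_after_fix(struct prog_model *p)
{
    p->bpf_func = NULL;
    p->jited = 0;
    p->jited_len = 0;
}

/* Models the info query, where the copy decision is driven by jited_len alone.
 * Returns bytes copied, 0 when there is nothing to copy, and -1 in the state
 * where the kernel would attempt the illegal copy from a NULL source. */
static int model_get_info(const struct prog_model *p, void *dst, size_t cap)
{
    if (p->jited_len == 0)
        return 0;
    if (p->bpf_func == NULL)
        return -1;
    size_t n = p->jited_len < cap ? p->jited_len : cap;
    memcpy(dst, p->bpf_func, n);
    return (int)n;
}

int main(void)
{
    unsigned char image[43] = {0}, out[64];   /* constructed 43-byte image */
    struct prog_model a = { 1, sizeof(image), image }, b = a;
    jit_fail_before_fix(&a);
    jit_fail_after_fix(&b);
    printf("before fix: %d\n", model_get_info(&a, out, sizeof(out)));
    printf("after fix:  %d\n", model_get_info(&b, out, sizeof(out)));
    return 0;
}
```

The invariant the fix restores is that a non-zero jited_len always implies a valid bpf_func, so any consumer that trusts the length alone stays safe.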
Source: This report was generated using AI