CVE-2022-49418: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49418 addresses a vulnerability in the Linux kernel's NFSv4 implementation where an uninitialized nfs4_label could be freed during referral lookup operations. The issue was discovered when a crash occurred during basic file system operations, specifically when executing an 'ls' command (Kernel Git).

The vulnerability stems from improper handling of the fattr structure in NFSv4 referral lookups. The issue occurs when the code attempts to free an uninitialized nfs4label during the referral lookup process. The bug was introduced by commit 9558a007dbc3 ('NFS: Remove the label from the nfs4lookup_res struct') and manifests as a system crash during filesystem operations (Kernel Git).

When triggered, this vulnerability causes a system crash with a kernel panic, disrupting system operations. The crash occurs during basic filesystem operations, specifically when attempting to list directory contents using the 'ls' command (Kernel Git).

The issue has been fixed by modifying the code to properly handle the fattr allocation and deallocation. The fix involves sending along the already-allocated fattr with nfs4fslocations and removing the memcpy of fattr. While this results in two additional allocations, it prevents the crash condition (Kernel Git).