CVE-2022-49429: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49429 affects the Linux kernel's RDMA/hfi1 module. The vulnerability was discovered in the hfi1writeiter() function where a NULL pointer dereference can occur when the SDMA (System DMA) capability is disabled, leading to a kernel panic. This issue was publicly disclosed and patched in 2022 (Kernel Git).

The vulnerability occurs in the Linux kernel's HFI1 (Host Fabric Interface) driver when the module is loaded with HFI1CAPSDMA disabled. The issue manifests in the hfi1writeiter() function, which attempts to process SDMA requests without properly checking if SDMA is enabled. The vulnerability can be triggered through the following call stack: sdmaselectuserengine -> hfi1usersdmaprocessrequest -> hfi1writeiter -> doiterreadvwritev -> doiterwrite -> vfswritev -> dowritev -> dosyscall64 (Kernel Git).

When exploited, this vulnerability causes a kernel panic due to the NULL pointer dereference, resulting in system crashes. This can lead to denial of service conditions on affected systems where the HFI1 module is loaded with SDMA disabled (NVD).

The fix involves adding a check for SDMA capability in the hfi1writeiter() function and returning -EINVAL when SDMA is disabled. This prevents the NULL pointer dereference and subsequent kernel panic. The patch has been merged into the Linux kernel (Kernel Git).