CVE-2022-49520: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49520 affects the Linux kernel's arm64 compatibility mode handling of system calls. The vulnerability was discovered when a compatibility process attempts to execute an unknown system call above the _ARMNRCOMPATEND number. The issue lies in how the kernel interprets and displays error messages for invalid system calls, potentially showing misleading exception information (Kernel Git).

The vulnerability occurs in the error handling path of compatarmsyscall() where current->thread.faultcode is set with the bad syscall number instead of a valid ESRELx value. This causes arm64showsignal() to misinterpret the syscall number as an exception syndrome (ESRELx.EC field), resulting in incorrect error messages being displayed. For example, a syscall number of 0x68000000 would be interpreted as ESRELx.EC value of 0x1A (ESRELxEC_FPAC), leading to misleading error messages about pointer authentication (Kernel Git).

The vulnerability results in misleading error messages being displayed in the kernel log when invalid system calls are made. While this primarily affects debugging and system monitoring, it could potentially lead to confusion during security analysis or system troubleshooting by displaying incorrect exception information (Kernel Git).

The issue has been fixed by modifying compatarmsyscall() to set the ESR_ELx value to 0 when handling invalid system calls, preventing the display of incorrect exception syndrome information. The fix has been implemented in various Linux kernel versions including 5.10.234-1 for Debian bullseye and 6.1.129-1 for Debian bookworm (Debian Tracker).