CVE-2022-49700: 
Linux Kernel vulnerability analysis and mitigation

In the Linux kernel, a vulnerability (CVE-2022-49700) was discovered in the SLUB memory allocator's slab deactivation process. The issue stems from missing Transaction ID (TID) updates when deactivating CPU slabs in the __slab_alloc() function. This vulnerability affects the Linux kernel's memory management subsystem, specifically the SLUB allocator component (Kernel Git).

The vulnerability occurs in the fastpath of slab_alloc_node() which assumes c->slab stability based on TID consistency. However, two locations in __slab_alloc() fail to update the TID when deactivating the CPU slab. The issue involves a race condition between multiple operations on the same CPU and kmem_cache, where task preemption can lead to state inconsistency. The vulnerability has been assigned a CVSS v3.1 Base Score of 7.8 (HIGH) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability can result in two types of corruption: objects getting lost in memory, or more severely, objects being freed onto the wrong slab's freelist. This latter case can corrupt the 'inuse' counter and potentially cause a page to be freed to the page allocator while it still contains slab objects, leading to use-after-free conditions (Kernel Git).

The issue has been fixed by adding proper TID updates during slab deactivation. The fix involves adding c->tid = next_tid(c->tid) calls at appropriate points in the code where the CPU slab is deactivated. This patch has been merged into the mainline kernel and backported to stable kernel versions (Kernel Git).