CVE-2022-49706: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49706 is a vulnerability in the Linux kernel's zonefs filesystem implementation. The issue was discovered when a readahead operation is issued to a sequential zone file with an offset exactly equal to the current file size. In this case, the iomap type is incorrectly set to IOMAP_UNWRITTEN, which prevents IO operations, while the iomap length is calculated as 0. This vulnerability was disclosed in February 2025 (NVD).

The vulnerability manifests in the zonefsiomapbegin() function where incorrect handling of file offsets leads to a WARNON() condition in iomapiter(). When triggered, it causes iomapreadahead() to enter an infinite loop as iomapreadaheaditer() continuously returns 0, making no progress. The issue was fixed by treating reads after the file size as access to holes, setting the iomap type to IOMAPHOLE, the iomap addr to IOMAPNULLADDR, and using the length argument as is for the iomap length (Kernel Commit).

The vulnerability can cause system instability through infinite loops in the kernel's readahead functionality, potentially leading to resource exhaustion and system performance degradation when accessing files on zonefs filesystems (NVD).

The issue has been fixed by splitting zonefsiomapbegin() into two variants: zonefsreadiomapbegin() for read operations and zonefswriteiomapbegin() for write operations. The fix has been incorporated into the Linux kernel codebase (Kernel Commit).