
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2022-49721 affects the Linux kernel's arm64 ftrace functionality. The vulnerability stems from inconsistent handling of PLT (Procedure Linkage Table) entries when calling ftrace trampolines. This issue was introduced with the commit 3b23e4991fb66f6d ("arm64: implement ftrace with regs") and was discovered in June 2022 (Kernel Git).
The vulnerability occurs in the ftrace_modify_call() function, which fails to properly handle PLT entries for trampoline calls. There are two possible failure scenarios: 1) When the old address requires a trampoline, the function uses an out-of-range address to generate the 'old' branch instruction, resulting in warnings and internal ftrace errors, or 2) When the old address doesn't require a trampoline but the new address does, it generates an out-of-range address for the 'new' branch instruction, leading to a BRK instruction replacement that can cause kernel panic (Kernel Git).
The vulnerability can lead to two primary impacts: 1) Internal ftrace errors that may affect system functionality but typically don't impact the rest of the system, or 2) In rarer cases, a kernel panic when a BRK instruction is executed after improper address handling (Kernel Git).
The vulnerability was fixed by implementing consistent PLT entry handling through a new helper function ftrace_find_callable_addr(). This function is used by ftrace_make_call(), ftrace_make_nop(), and ftrace_modify_call() to ensure consistent PLT entry handling. The fix was implemented in the Linux kernel through commit a6253579977e4c6f7818eeb05bf2bc65678a7187 (Kernel Git).
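The two failure scenarios and the shared-resolver fix can be modelled in user space. This is an added illustration, not the kernel's code: the 128 MiB reach is that of the A64 BL instruction, while struct patch, modify_call_raw(), modify_call_resolved() and the simplified find_callable_addr() are hypothetical names, and BRK #0 stands in for the BRK encoding the kernel generates.

```c
#include <stdbool.h>
#include <stdint.h>

typedef uint64_t u64;
typedef uint32_t u32;
#define SZ_128M  0x08000000LL
#define A64_BRK0 0xd4200000u                  /* BRK #0, stand-in for the kernel's BRK */
struct patch { u32 old_insn, new_insn; };     /* expected vs. replacement instruction */

/* A64 BL holds a signed 26-bit word offset: reach is [pc - 128 MiB, pc + 128 MiB). */
static bool bl_in_range(u64 pc, u64 target)
{
    int64_t off = (int64_t)(target - pc);
    return off >= -SZ_128M && off < SZ_128M;
}

/* Encode "BL target" at pc; an unreachable target yields a BRK instead. */
static u32 gen_bl(u64 pc, u64 target)
{
    u32 imm26 = (u32)((target - pc) >> 2) & 0x03ffffffu;
    return bl_in_range(pc, target) ? (0x94000000u | imm26) : A64_BRK0;
}

/* Shared resolver (model): redirect *addr to the module PLT when it is out of reach. */
static bool find_callable_addr(u64 pc, u64 plt, u64 *addr)
{
    if (bl_in_range(pc, *addr))
        return true;
    *addr = plt;                               /* plt == 0 models "no PLT available" */
    return plt != 0 && bl_in_range(pc, plt);
}

/* Pre-fix shape: both encodings are built from the raw, unresolved addresses. */
static struct patch modify_call_raw(u64 pc, u64 old_addr, u64 new_addr)
{
    return (struct patch){ gen_bl(pc, old_addr), gen_bl(pc, new_addr) };
}

/* Post-fix shape: resolve both addresses first; refuse if either is unreachable. */
static int modify_call_resolved(u64 pc, u64 plt, u64 old_addr, u64 new_addr, struct patch *out)
{
    if (!find_callable_addr(pc, plt, &old_addr) || !find_callable_addr(pc, plt, &new_addr))
        return -1;
    *out = modify_call_raw(pc, old_addr, new_addr);
    return 0;
}
```

With a far 'new' address, modify_call_raw() produces the BRK encoding as the replacement instruction, while modify_call_resolved() either emits a BL to the PLT or returns an error without producing anything to patch.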
Source: This report was generated using AI