CVE-2022-49722: 
Linux Kernel vulnerability analysis and mitigation

In the Linux kernel, a memory corruption vulnerability (CVE-2022-49722) was discovered in the ice Virtual Function (VF) driver. The issue occurs when a VF requests a reset while having enabled queues, and the Physical Function (PF) driver assumes the VF is disabled. In this scenario, the VF may unmap DMA resources while the device can still map packets to memory, leading to silent memory corruption (Kernel Commit).

The vulnerability stems from a race condition where the VF driver's queues remain enabled even when the VF is considered disabled. When the VF unmaps its DMA resources, the device continues to map packets to memory addresses that are no longer valid, resulting in memory corruption. The issue was introduced by commit ec4f5a436bdf ("ice: Check if VF is disabled for Opcode and other operations") and was fixed by adding proper queue cleanup when the VF is disabled (Kernel Commit).

The vulnerability can lead to memory corruption in the kernel space, which may result in system crashes or potentially allow an attacker to execute arbitrary code. This was demonstrated by a kernel crash with a NULL pointer dereference at virtual address 00001b9780003237 (Kernel Commit).

The fix involves properly disabling VF's RX/TX queues when the VF is disabled. This is implemented by adding calls to icevsistoplantxrings() and icevsistopallrxrings() in the iceresetvf() function when iceisvf_disabled(vf) returns true (Kernel Commit).