CVE-2022-49724: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49724 is a vulnerability in the Linux kernel's TTY Goldfish driver that was discovered and resolved in 2022. The issue involves an incorrect device ID being passed to the free_irq() function during driver removal, which could result in attempting to free an already-freed IRQ 65. This vulnerability affects various Linux distributions and kernel versions (Ubuntu Security).

The vulnerability stems from a coding error in the goldfishttyremove function within the TTY Goldfish driver. When the driver is unbound, it incorrectly passes the platform device (pdev) instead of the TTY device (qtty) as the devid parameter to freeirq(), causing a warning at kernel/irq/manage.c:1895. The issue was fixed by modifying the free_irq() call to use the correct device ID parameter (Kernel Git).

When triggered, this vulnerability causes a kernel warning and potential system instability due to improper IRQ resource management. The issue manifests when the Goldfish TTY driver is being removed, potentially affecting system operations that rely on proper IRQ handling (Red Hat XML).

The issue has been fixed in various Linux kernel versions through a patch that corrects the devid parameter passed to freeirq(). Several distributions have released updates, including Ubuntu 18.04 LTS (bionic) which received the fix in version 4.15.0-194.205. Users are advised to update their systems to the patched versions (Ubuntu Security).