CVE-2022-49743: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49743 affects the Linux kernel and involves a vulnerability in the overlayfs (ovl) component. The issue was discovered in the flexible array handling for memcpy() destination in the filesystem's export functionality (NVD).

The vulnerability relates to the 'buf' flexible array implementation in the overlayfs component of the Linux kernel. Specifically, the issue occurs when the 'buf' flexible array is not properly used as the memcpy() destination, which can trigger false positive run-time warnings from FORTIFY_SOURCE hardening. The warning appears at fs/overlayfs/export.c:799 regarding a field-spanning write of size 93 to a single field '&fh->fb' of size 21 (NVD).

The vulnerability affects various Linux distributions, including Debian bullseye (5.10.223-1 and 5.10.234-1) which were marked as vulnerable, while later versions in bookworm (6.1.128-1 and newer) and sid/trixie (6.12.21-1) contained fixes (Debian Tracker).

The issue has been resolved in newer kernel versions. Debian has implemented fixes in bookworm (6.1.128-1 and later) and sid/trixie (6.12.21-1) releases. Users should upgrade to these patched versions to mitigate the vulnerability (Debian Tracker).