CVE-2022-49947: 
Linux Debian vulnerability analysis and mitigation

CVE-2022-49947 is a vulnerability in the Linux kernel's binder subsystem that was discovered and reported by Syzbot. The vulnerability was introduced by commit 44e602b4e52f which added missing mmaplock calls when using the VMA. The issue occurs when alloc->vmavmmm has not been initialized yet, which can happen if a binderproc receives a transaction without having previously called mmap() to setup the binder_proc->alloc space (NVD).

The vulnerability manifests as a null pointer dereference in the range [0x0000000000000128-0x000000000000012f]. The issue occurs in two scenarios: first, when attempting to acquire the mmaplock when alloc->vmavmmm has not been initialized, and second, via binderallocprintpages() when attempting to dump the debugfs binder stats file. The crash occurs in the _lockacquire function within the kernel's locking subsystem (Wiz).

The vulnerability can result in a kernel crash due to null pointer dereference, potentially affecting system stability and availability. This could lead to denial of service conditions on affected systems (Wiz).

The issue has been fixed by setting up the alloc->vmavmmm pointer during open() and caching directly from current->mm. This ensures a valid reference is available to take the mmap_lock during the scenarios described. The fix has been implemented in the Linux kernel (Wiz).