CVE-2022-50159: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-50159 affects the Linux kernel's Integrity Measurement Architecture (IMA) functionality. The vulnerability was discovered in the imagetkexec_buffer() function which fails to verify if the previous kernel's ima-kexec-buffer lies within the addressable memory range (NVD, Wiz).

The vulnerability occurs when imagetkexec_buffer() doesn't validate whether the previous kernel's ima-kexec-buffer is within addressable memory bounds. This can trigger a kernel panic if the new kernel is booted with 'mem=X' argument and the ima-kexec-buffer was allocated beyond that range by the previous kernel. The issue manifests as a kernel data access error on read operations, typically resulting in a BUG message indicating inability to handle kernel data access (NVD).

When exploited, this vulnerability results in a kernel panic, causing system instability and potential denial of service. The issue specifically affects systems using kexec functionality with IMA enabled (Wiz).

The issue has been fixed by implementing checks on the returned PFN range of the previous kernel's ima-kexec-buffer using pageisram() to ensure correct memory bounds. Various Linux distributions have released patches, including Debian which has fixed versions available in bookworm (6.1.137-1) and later releases (Debian Tracker).