CVE-2022-50459: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-50459 is a vulnerability in the Linux kernel affecting the iSCSI TCP implementation. The issue was discovered and reported to the Linux kernel maintainers, involving a null pointer dereference vulnerability that occurs when freeing a socket while simultaneously accessing it via sysfs (NVD).

The vulnerability stems from a race condition in the iSCSI TCP implementation where a NULL pointer crash occurs during concurrent socket operations. The issue arises because iscsiswtcpconngetparam() and iscsiswtcphostgetparam() functions take the frwdlock and perform sockhold() before dropping the lock. While sockhold() performs a get operation on the 'struct sock', iscsiswtcpreleaseconn() executes sockfdput() which performs the last put on the 'struct socket', leading to _sockrelease() setting sock->ops to NULL. Subsequently, when kernel_getpeername() is called, it attempts to access the now-NULL sock->ops pointer (NVD).

The vulnerability can result in a system crash due to null pointer dereference when accessing iSCSI TCP connections through sysfs, potentially affecting system stability and availability (NVD).

The issue has been resolved by implementing a mutex-based approach for accessing the socket in the interface code paths, replacing the previous refcount-based solution. This change was made because the network layer started taking a mutex in that path, making it impossible to hold the frwd_lock (NVD).