CVE-2022-49272: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49272 affects the Linux kernel's ALSA (Advanced Linux Sound Architecture) PCM subsystem. The vulnerability was discovered by syzbot and involves a potential deadlock between the PCM runtime->buffermutex and the mm->mmaplock. This issue was introduced by a recent fix for racy read/write operations and other ioctls, specifically affecting the OSS mmap operation (Kernel Git).

The vulnerability stems from a corner case in the OSS mmap operation where parameters can be reconfigured inside the OSS mmap syscall while mm->mmapmutex is held. Simultaneously, copyfrom/touser calls in read/write operations also take the mm->mmaplock internally, potentially leading to an AB/BA deadlock. This scenario creates a race condition between the buffermutex and mmaplock (Kernel Git).

The vulnerability can result in a system deadlock when concurrent access occurs through both ALSA and OSS APIs. This could lead to system unresponsiveness or require a system restart to recover from the locked state (NVD).

The issue has been fixed by replacing the buffermutex lock in read/write operations with a refcount mechanism. The new implementation uses runtime->bufferaccessing to track concurrent read/write operations, with negative values indicating blocked operations. The fix ensures proper synchronization between ALSA and OSS APIs (Kernel Git).