CVE-2022-49664: 
Linux Kernel vulnerability analysis and mitigation

A NULL pointer dereference vulnerability was discovered in the Linux kernel's TIPC (Transparent Inter-Process Communication) subsystem, tracked as CVE-2022-49664. The vulnerability was found in the broadcast link creation process where a race condition could occur between node creation and link establishment. When creating a node in tipcnodecheckdest(), after inserting the new node into the hashtable in tipcnode_create(), it creates the broadcast link. However, there was a gap between this insert and broadcast link creation, where a broadcast packet could arrive and retrieve the node from the hashtable then attempt to dereference its broadcast link, which would be NULL (Kernel Patch).

The vulnerability manifests as a NULL pointer dereference in the TIPC module. The crash occurs in the tipclinkisup function when the 'l' parameter passed into tipcbcast_rcv() is NULL. The issue stems from a race condition in the node creation process where a broadcast link is created after the node is inserted into the hashtable. The vulnerability affects Linux kernel versions from 5.11 through 5.15.53, 5.16 through 5.18.10, and other versions in that range (NVD). The vulnerability has a CVSS v3.1 base score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

The vulnerability can lead to a kernel crash through NULL pointer dereference when processing TIPC broadcast messages. This could result in a denial of service condition on affected systems. The impact is limited to availability with no direct impact on confidentiality or integrity (NVD).

The vulnerability was fixed by moving the broadcast link creation before inserting the node into the hashtable in the tipcnodecreate function. The fix ensures that the broadcast link is created before any other components can access the node, preventing the race condition. The patch has been applied to affected kernel versions (Kernel Patch).