
Amazon Linux AMI: CVE-2022-48988: Security patch for kernel (ALAS-2023-1706)

Severity: 7
CVSS: (AV:L/AC:M/Au:S/C:C/I:C/A:C)
Published: Mar 20, 2023
Added: Jan 23, 2025
Modified: May 21, 2025

Description

In the Linux kernel, the following vulnerability has been resolved:

memcg: fix possible use-after-free in memcg_write_event_control()

memcg_write_event_control() accesses the dentry->d_name of the specified control fd to route the write call. As a cgroup interface file can't be renamed, it's safe to access d_name as long as the specified file is a regular cgroup file. Also, as these cgroup interface files can't be removed before the directory, it's safe to access the parent too.

Prior to 347c4a874710 ("memcg: remove cgroup_event->cft"), there was a call to __file_cft() which verified that the specified file is a regular cgroupfs file before further accesses. The cftype pointer returned from __file_cft() was no longer necessary and the commit inadvertently dropped the file type check with it, allowing any file to slip through. With the invariants broken, the d_name and parent accesses can now race against renames and removals of arbitrary files and cause use-after-frees.

Fix the bug by resurrecting the file type check in __file_cft(). Now that cgroupfs is implemented through kernfs, checking the file operations needs to go through a layer of indirection. Instead, let's check the superblock and dentry type.

Solution

amazon-linux-upgrade-kernel