CVE-2022-48994
Published: Oct 21, 2024
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:

ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event

With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG), indirect call targets are validated against the expected function pointer prototype to make sure the call target is valid to help mitigate ROP attacks. If they are not identical, there is a failure at run time, which manifests as either a kernel panic or thread getting killed.

seq_copy_in_user() and seq_copy_in_kernel() did not have prototypes matching snd_seq_dump_func_t. Adjust this and remove the casts. There are no resulting binary output differences.

This was found as a result of Clang's new -Wcast-function-type-strict flag, which is more sensitive than the simpler -Wcast-function-type, which only checks for type width mismatches.
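The pattern the description refers to, as a user-space sketch added here (not the kernel's code). The type and function names are hypothetical stand-ins for snd_seq_dump_func_t and the seq_copy_in_* helpers, and their parameter lists are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical callback type standing in for snd_seq_dump_func_t. */
typedef int (*dump_func_t)(void *ptr, void *buf, int count);

/* Hands the data to the callback in chunks through an indirect call.
 * Under kCFI, this call site checks the target's type against dump_func_t. */
int dump_chunks(char *data, int len, int chunk, dump_func_t func, void *priv)
{
    for (; len > 0; data += chunk, len -= chunk) {
        int n = len < chunk ? len : chunk;
        int err = func(priv, data, n);
        if (err < 0)
            return err;
    }
    return 0;
}

/* "Before" pattern: parameter types differ from dump_func_t, so it could only
 * be passed as (dump_func_t)copy_mismatched, the cast the strict flag reports. */
int copy_mismatched(char **bufptr, const void *src, int size)
{
    memcpy(*bufptr, src, (size_t)size);
    *bufptr += size;
    return 0;
}

/* "After" pattern: prototype identical to dump_func_t, no cast needed. */
int copy_matched(void *ptr, void *src, int size)
{
    char **bufptr = ptr; /* convert inside the callback, not at the call site */
    return copy_mismatched(bufptr, src, size);
}

int demo(void) /* returns bytes copied, or -1 if the copy is wrong */
{
    char src[] = "constructed sample"; /* constructed input */
    char dst[sizeof(src)] = {0}, *cursor = dst;
    if (dump_chunks(src, (int)sizeof(src), 4, copy_matched, &cursor) < 0)
        return -1;
    return memcmp(src, dst, sizeof(src)) ? -1 : (int)(cursor - dst);
}

int main(void)
{
    printf("copied %d bytes\n", demo());
    return 0;
}
```

Building with clang and `-Wcast-function-type-strict` while passing `(dump_func_t)copy_mismatched` instead of `copy_matched` shows the warning the description credits with finding the mismatch.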
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < b38486e82ecb9f3046e0184205f6b61408fc40c9; affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < e385360705a0b346bdb57ce938249175d0613b8a; affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 2f46e95bf344abc4e74f8158901d32a869e0adb6; affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 63badfed200219ca656968725f1a43df293ac936; affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 15c42ab8d43acb73e2eba361ad05822c0af0ecfa; +3 more versions |
| Linux | Linux | affected 2.6.12; unaffected 0 - < 2.6.12; unaffected 4.9.336 - <= 4.9.*; unaffected 4.14.302 - <= 4.14.*; unaffected 4.19.269 - <= 4.19.*; +5 more versions |