CVE-2022-49291
Published: Feb 26, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix races among concurrent hw_params and hw_free calls Currently we have neither proper check nor protection against the concurrent calls of PCM hw_params and hw_free ioctls, which may result in a UAF. Since the existing PCM stream lock can't be used for protecting the whole ioctl operations, we need a new mutex to protect those racy calls. This patch introduced a new mutex, runtime->buffer_mutex, and applies it to both hw_params and hw_free ioctl code paths. Along with it, the both functions are slightly modified (the mmap_count check is moved into the state-check block) for code simplicity.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < a42aa926843acca96c0dfbde2e835b8137f2f092affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 9cb6c40a6ebe4a0cfc9d6a181958211682cffea9affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < fbeb492694ce0441053de57699e1e2b7bc148a69affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 0f6947f5f5208f6ebd4d76a82a4757e2839a23f8affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 33061d0fba51d2bf70a2ef9645f703c33fe8e438+3 more versions |
Linux | Linux | affected 2.6.12unaffected 0 - < 2.6.12unaffected 4.14.279 - <= 4.14.*unaffected 4.19.243 - <= 4.19.*unaffected 5.4.193 - <= 5.4.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now