CVE-2022-1048

EPSS 0.01%
Veröffentlicht 29.04.2022 16:15:08
Zuletzt bearbeitet 21.11.2024 06:39:55
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 2.6.12 < 4.14.279

Linux ≫ Linux Kernel Version >= 4.15 < 4.19.243

Linux ≫ Linux Kernel Version >= 4.20 < 5.4.193

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.109

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.32

Linux ≫ Linux Kernel Version >= 5.16 < 5.16.18

Linux ≫ Linux Kernel Version5.17 Update-

Redhat ≫ Enterprise Linux Version8.0

Debian ≫ Debian Linux Version10.0

Debian ≫ Debian Linux Version11.0

Netapp ≫ H300s Firmware Version-

Netapp ≫ H300s Version-

Netapp ≫ H500s Firmware Version-

Netapp ≫ H500s Version-

Netapp ≫ H700s Firmware Version-

Netapp ≫ H700s Version-

Netapp ≫ H410s Firmware Version-

Netapp ≫ H410s Version-

Netapp ≫ H300e Firmware Version-

Netapp ≫ H300e Version-

Netapp ≫ H500e Firmware Version-

Netapp ≫ H500e Version-

Netapp ≫ H700e Firmware Version-

Netapp ≫ H700e Version-

Netapp ≫ H410c Firmware Version-

Netapp ≫ H410c Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.01

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7	1	5.9	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.9	3.4	10	AV:L/AC:M/Au:N/C:C/I:C/A:C

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://www.debian.org/security/2022/dsa-5127

Third Party Advisory

https://www.debian.org/security/2022/dsa-5173

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2066706

Third Party Advisory

Issue Tracking

https://lore.kernel.org/lkml/20220322170720.3529-5-tiwai%40suse.de/T/#m1d3b791b815556012c6be92f1c4a7086b854f7f3

Patch

Mailing List

https://security.netapp.com/advisory/ntap-20220629-0001/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-1048

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-1048

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-1048

EUVD