5.5
CVE-2022-49272
- EPSS 0.19%
- Veröffentlicht 26.02.2025 07:01:04
- Zuletzt bearbeitet 22.09.2025 20:32:39
- CVE-Watchlists
- Unerledigt
ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock syzbot caught a potential deadlock between the PCM runtime->buffer_mutex and the mm->mmap_lock. It was brought by the recent fix to cover the racy read/write and other ioctls, and in that commit, I overlooked a (hopefully only) corner case that may take the revert lock, namely, the OSS mmap. The OSS mmap operation exceptionally allows to re-configure the parameters inside the OSS mmap syscall, where mm->mmap_mutex is already held. Meanwhile, the copy_from/to_user calls at read/write operations also take the mm->mmap_lock internally, hence it may lead to a AB/BA deadlock. A similar problem was already seen in the past and we fixed it with a refcount (in commit b248371628aa). The former fix covered only the call paths with OSS read/write and OSS ioctls, while we need to cover the concurrent access via both ALSA and OSS APIs now. This patch addresses the problem above by replacing the buffer_mutex lock in the read/write operations with a refcount similar as we've used for OSS. The new field, runtime->buffer_accessing, keeps the number of concurrent read/write operations. Unlike the former buffer_mutex protection, this protects only around the copy_from/to_user() calls; the other codes are basically protected by the PCM stream lock. The refcount can be a negative, meaning blocked by the ioctls. If a negative value is seen, the read/write aborts with -EBUSY. In the ioctl side, OTOH, they check this refcount, too, and set to a negative value for blocking unless it's already being accessed.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version5.10.109
Linux ≫ Linux Kernel Version5.15.32
Linux ≫ Linux Kernel Version5.16.18
Linux ≫ Linux Kernel Version5.17.1
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.19% | 0.09 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-667 Improper Locking
The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
https://git.kernel.org/stable/c/40f4cffbe13a51faf136faf5f9ef6847782cd595
https://git.kernel.org/stable/c/7777744e92a0b30e3e0cce2758d911837011ebd9
https://git.kernel.org/stable/c/7e9133607e1501c94881be35e118d8f84d96dcb4
https://git.kernel.org/stable/c/9017201e8d8c6d1472273361389ed431188584a0
https://git.kernel.org/stable/c/9661bf674d6a82b76e4ae424438a8ce1e3ed855d
https://git.kernel.org/stable/c/abedf0d08c79d76da0d6fa0d5dbbc98871dcbc2e
https://git.kernel.org/stable/c/bc55cfd5718c7c23e5524582e9fa70b4d10f2433
https://git.kernel.org/stable/c/be9813ad2fc8f0885f5ce6925af0d993ce5da4e5