7.8

CVE-2022-49291

ALSA: pcm: Fix races among concurrent hw_params and hw_free calls

In the Linux kernel, the following vulnerability has been resolved:

ALSA: pcm: Fix races among concurrent hw_params and hw_free calls

Currently we have neither proper check nor protection against the
concurrent calls of PCM hw_params and hw_free ioctls, which may result
in a UAF.  Since the existing PCM stream lock can't be used for
protecting the whole ioctl operations, we need a new mutex to protect
those racy calls.

This patch introduced a new mutex, runtime->buffer_mutex, and applies
it to both hw_params and hw_free ioctl code paths.  Along with it, the
both functions are slightly modified (the mmap_count check is moved
into the state-check block) for code simplicity.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 4.14.279
LinuxLinux Kernel Version >= 4.15 < 4.19.243
LinuxLinux Kernel Version >= 4.20 < 5.4.193
LinuxLinux Kernel Version >= 5.5 < 5.10.109
LinuxLinux Kernel Version >= 5.11 < 5.15.32
LinuxLinux Kernel Version >= 5.16 < 5.16.18
LinuxLinux Kernel Version >= 5.17 < 5.17.1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.29% 0.209
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/0090c13cbbdffd7da079ac56f80373a9a1be0bf8
Patch
https://git.kernel.org/stable/c/0f6947f5f5208f6ebd4d76a82a4757e2839a23f8
Patch
https://git.kernel.org/stable/c/1bbf82d9f961414d6c76a08f7f843ea068e0ab7b
Patch
https://git.kernel.org/stable/c/33061d0fba51d2bf70a2ef9645f703c33fe8e438
Patch
https://git.kernel.org/stable/c/92ee3c60ec9fe64404dc035e7c41277d74aa26cb
Patch
https://git.kernel.org/stable/c/9cb6c40a6ebe4a0cfc9d6a181958211682cffea9
Patch
https://git.kernel.org/stable/c/a42aa926843acca96c0dfbde2e835b8137f2f092
Patch
https://git.kernel.org/stable/c/fbeb492694ce0441053de57699e1e2b7bc148a69
Patch