-

CVE-2022-50229

EPSS 0.05%
Veröffentlicht 18.06.2025 11:04:06
Zuletzt bearbeitet 18.06.2025 13:47:40
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

ALSA: bcd2000: Fix a UAF bug on the error path of probing

When the driver fails in snd_card_register() at probe time, it will free
the 'bcd2k->midi_out_urb' before killing it, which may cause a UAF bug.

The following log can reveal it:

[   50.727020] BUG: KASAN: use-after-free in bcd2000_input_complete+0x1f1/0x2e0 [snd_bcd2000]
[   50.727623] Read of size 8 at addr ffff88810fab0e88 by task swapper/4/0
[   50.729530] Call Trace:
[   50.732899]  bcd2000_input_complete+0x1f1/0x2e0 [snd_bcd2000]

Fix this by adding usb_kill_urb() before usb_free_urb().

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 12

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < a718eba7e458e2f40531be3c6b6a0028ca7fcace

Version b47a22290d581277be70e8a597824a4985d39e83

Status affected

Version < 4fc41f7ebb7efca282f1740ea934d16f33c1d109

Version b47a22290d581277be70e8a597824a4985d39e83

Status affected

Version < 5e7338f4dd92b2f8915a82abfa1dd3ad3464bea0

Version b47a22290d581277be70e8a597824a4985d39e83

Status affected

Version < 05e0bb8c3c4dde3e21b9c1cf9395afb04e8b24db

Version b47a22290d581277be70e8a597824a4985d39e83

Status affected

Version < 348620464a5c127399ac09b266f494f393661952

Version b47a22290d581277be70e8a597824a4985d39e83

Status affected

Version < 64ca7f50ad96c2c65ae390b954925a36eabe04aa

Version b47a22290d581277be70e8a597824a4985d39e83

Status affected

Version < 1d6a246cf97c380f2da76591f03019dd9c9599c3

Version b47a22290d581277be70e8a597824a4985d39e83

Status affected

Version < b0d4af0a4763ddc02344789ef2a281c494bc330d

Version b47a22290d581277be70e8a597824a4985d39e83

Status affected

Version < ffb2759df7efbc00187bfd9d1072434a13a54139

Version b47a22290d581277be70e8a597824a4985d39e83

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 3.16

Status affected

Version < 3.16

Version 0

Status unaffected

Version <= 4.9.*

Version 4.9.326

Status unaffected

Version <= 4.14.*

Version 4.14.291

Status unaffected

Version <= 4.19.*

Version 4.19.256

Status unaffected

Version <= 5.4.*

Version 5.4.211

Status unaffected

Version <= 5.10.*

Version 5.10.137

Status unaffected

Version <= 5.15.*

Version 5.15.61

Status unaffected

Version <= 5.18.*

Version 5.18.18

Status unaffected

Version <= 5.19.*

Version 5.19.2

Status unaffected

Version <= *

Version 6.0

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.147

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/a718eba7e458e2f40531be3c6b6a0028ca7fcace

https://git.kernel.org/stable/c/4fc41f7ebb7efca282f1740ea934d16f33c1d109

https://git.kernel.org/stable/c/5e7338f4dd92b2f8915a82abfa1dd3ad3464bea0

https://git.kernel.org/stable/c/05e0bb8c3c4dde3e21b9c1cf9395afb04e8b24db

https://git.kernel.org/stable/c/348620464a5c127399ac09b266f494f393661952

https://git.kernel.org/stable/c/64ca7f50ad96c2c65ae390b954925a36eabe04aa

https://git.kernel.org/stable/c/1d6a246cf97c380f2da76591f03019dd9c9599c3

https://git.kernel.org/stable/c/b0d4af0a4763ddc02344789ef2a281c494bc330d

https://git.kernel.org/stable/c/ffb2759df7efbc00187bfd9d1072434a13a54139

https://nvd.nist.gov/vuln/detail/CVE-2022-50229

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50229

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50229

EUVD