CVE-2022-49288

ALSA: pcm: Fix races among concurrent prealloc proc writes

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

MITRE

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix races among concurrent prealloc proc writes We have no protection against concurrent PCM buffer preallocation
changes via proc files, and it may potentially lead to UAF or some
weird problem. This patch applies the PCM open_mutex to the proc
write operation for avoiding the racy proc writes and the PCM stream
open (and further operations).

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-02-26 CVE Reserved
2025-02-26 CVE Published
2025-02-26 CVE Updated
---------- EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (8)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/e7786c445bb67a9a6e64f66ebd6b7215b153ff7d	2022-05-15
https://git.kernel.org/stable/c/e14dca613e0a6ddc2bf6e360f16936a9f865205b	2022-05-15
https://git.kernel.org/stable/c/37b12c16beb6f6c1c3c678c1aacbc46525c250f7	2022-05-12
https://git.kernel.org/stable/c/b560d670c87d7d40b3cf6949246fa4c7aa65a00a	2022-03-28
https://git.kernel.org/stable/c/51fce708ab8986a9879ee5da946a2cc120f1036d	2022-03-28
https://git.kernel.org/stable/c/a21d2f323b5a978dedf9ff1d50f101f85e39b3f2	2022-03-28
https://git.kernel.org/stable/c/5ed8f8e3c4e59d0396b9ccf2e639711e24295bb6	2022-03-28
https://git.kernel.org/stable/c/69534c48ba8ce552ce383b3dfdb271ffe51820c3	2022-03-22

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.14.279 Search vendor "Linux" for product "Linux Kernel" and version " < 4.14.279"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.19.243 Search vendor "Linux" for product "Linux Kernel" and version " < 4.19.243"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.4.193 Search vendor "Linux" for product "Linux Kernel" and version " < 5.4.193"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.10.109 Search vendor "Linux" for product "Linux Kernel" and version " < 5.10.109"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.15.32 Search vendor "Linux" for product "Linux Kernel" and version " < 5.15.32"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.16.18 Search vendor "Linux" for product "Linux Kernel" and version " < 5.16.18"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.17.1 Search vendor "Linux" for product "Linux Kernel" and version " < 5.17.1"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.18 Search vendor "Linux" for product "Linux Kernel" and version " < 5.18"		en		Affected