Linux Kernel up to 5.4.214/5.10.147/5.15.67/5.19.8 ALSA snd_pcm_oss_sync null pointer dereference

Summaryinfo

A vulnerability has been found in Linux Kernel up to 5.4.214/5.10.147/5.15.67/5.19.8 and classified as critical. Impacted is the function snd_pcm_oss_sync of the component ALSA. This manipulation causes null pointer dereference. This vulnerability is registered as CVE-2022-49733. No exploit is available. The affected component should be upgraded.

Detailsinfo

A vulnerability was found in Linux Kernel up to 5.4.214/5.10.147/5.15.67/5.19.8. It has been declared as critical. Affected by this vulnerability is the function snd_pcm_oss_sync of the component ALSA. The manipulation with an unknown input leads to a null pointer dereference vulnerability. The CWE definition for the vulnerability is CWE-476. A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. As an impact it is known to affect availability. The summary by CVE is:

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC There is a small race window at snd_pcm_oss_sync() that is called from OSS PCM SNDCTL_DSP_SYNC ioctl; namely the function calls snd_pcm_oss_make_ready() at first, then takes the params_lock mutex for the rest. When the stream is set up again by another thread between them, it leads to inconsistency, and may result in unexpected results such as NULL dereference of OSS buffer as a fuzzer spotted recently. The fix is simply to cover snd_pcm_oss_make_ready() call into the same params_lock mutex with snd_pcm_oss_make_ready_locked() variant.

The advisory is shared at git.kernel.org. This vulnerability is known as CVE-2022-49733 since 02/26/2025. The exploitation appears to be difficult. Technical details are known, but no exploit is available.

The vulnerability scanner Nessus provides a plugin with the ID 232347 (Linux Distros Unpatched Vulnerability : CVE-2022-49733), which helps to determine the existence of the flaw in a target environment.

Upgrading to version 5.4.215, 5.10.148, 5.15.68 or 5.19.9 eliminates this vulnerability. Applying the patch 4051324a6dafd7053c74c475e80b3ba10ae672b0/fce793a056c604b41a298317cf704dae255f1b36/8015ef9e8a0ee5cecfd0cb6805834d007ab26f86/723ac5ab2891b6c10dd6cc78ef5456af593490eb/8423f0b6d513b259fdab9c9bf4aaa6188d054c2d is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.

The vulnerability is also documented in the vulnerability database at Tenable (232347). Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Productinfo

Type

• Operating System

Vendor

• Linux

Name

• Kernel

Version

• 5.4.214
• 5.10.147
• 5.15.0
• 5.15.1
• 5.15.2
• 5.15.3
• 5.15.4
• 5.15.5
• 5.15.6
• 5.15.7
• 5.15.8
• 5.15.9
• 5.15.10
• 5.15.11
• 5.15.12
• 5.15.13
• 5.15.14
• 5.15.15
• 5.15.16
• 5.15.17
• 5.15.18
• 5.15.19
• 5.15.20
• 5.15.21
• 5.15.22
• 5.15.23
• 5.15.24
• 5.15.25
• 5.15.26
• 5.15.27
• 5.15.28
• 5.15.29
• 5.15.30
• 5.15.31
• 5.15.32
• 5.15.33
• 5.15.34
• 5.15.35
• 5.15.36
• 5.15.37
• 5.15.38
• 5.15.39
• 5.15.40
• 5.15.41
• 5.15.42
• 5.15.43
• 5.15.44
• 5.15.45
• 5.15.46
• 5.15.47
• 5.15.48
• 5.15.49
• 5.15.50
• 5.15.51
• 5.15.52
• 5.15.53
• 5.15.54
• 5.15.55
• 5.15.56
• 5.15.57
• 5.15.58
• 5.15.59
• 5.15.60
• 5.15.61
• 5.15.62
• 5.15.63
• 5.15.64
• 5.15.65
• 5.15.66
• 5.15.67
• 5.19.0
• 5.19.1
• 5.19.2
• 5.19.3
• 5.19.4
• 5.19.5
• 5.19.6
• 5.19.7
• 5.19.8

License

• open-source

Website

• Vendor: https://www.kernel.org/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Discussion