CVE-2022-49291

HIGH 7.8

ALSA: pcm: Fix races among concurrent hw_params and hw_free calls

CVSS Score

7.8

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix races among concurrent hw_params and hw_free calls Currently we have neither proper check nor protection against the concurrent calls of PCM hw_params and hw_free ioctls, which may result in a UAF. Since the existing PCM stream lock can't be used for protecting the whole ioctl operations, we need a new mutex to protect those racy calls. This patch introduced a new mutex, runtime->buffer_mutex, and applies it to both hw_params and hw_free ioctl code paths. Along with it, the both functions are slightly modified (the mmap_count check is moved into the state-check block) for code simplicity.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Feb 26, 2025
Last Updated	May 11, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new high vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < a42aa926843acca96c0dfbde2e835b8137f2f092 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 9cb6c40a6ebe4a0cfc9d6a181958211682cffea9 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < fbeb492694ce0441053de57699e1e2b7bc148a69 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 0f6947f5f5208f6ebd4d76a82a4757e2839a23f8 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 33061d0fba51d2bf70a2ef9645f703c33fe8e438 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 0090c13cbbdffd7da079ac56f80373a9a1be0bf8 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 1bbf82d9f961414d6c76a08f7f843ea068e0ab7b 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 92ee3c60ec9fe64404dc035e7c41277d74aa26cb

Linux / Linux

2.6.12

References

NVD ↗ CVE.org ↗ EPSS Data ↗