216.73.216.170

CVE-2022-49733

· Published 02/03/2025 15:15 · Modified 05/03/2025 14:54

Labels: CVE-2022-49733 2025-03-02416baaa9-dc9f-4396-8d5f-8c081fb06d67CVE-2022-49733CWE-362

Essential information

Published
02/03/2025 15:15
Modified
05/03/2025 14:54
Author
Creator
CVSS
4.7 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS metrics

Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC There is a small race window at snd_pcm_oss_sync() that is called from OSS PCM SNDCTL_DSP_SYNC ioctl; namely the function calls snd_pcm_oss_make_ready() at first, then takes the params_lock mutex for the rest. When the stream is set up again by another thread between them, it leads to inconsistency, and may result in unexpected results such as NULL dereference of OSS buffer as a fuzzer spotted recently. The fix is simply to cover snd_pcm_oss_make_ready() call into the same params_lock mutex with snd_pcm_oss_make_ready_locked() variant.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD
View on NVD

Affected products (CPE)

ProductCPE
linux / linux kernel cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux / linux kernel cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux / linux kernel cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux / linux kernel cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux / linux kernel cpe:2.3:o:linux:linux_kernel:6.0:rc1:*:*:*:*:*:*
linux / linux kernel cpe:2.3:o:linux:linux_kernel:6.0:rc2:*:*:*:*:*:*
linux / linux kernel cpe:2.3:o:linux:linux_kernel:6.0:rc3:*:*:*:*:*:*
linux / linux kernel cpe:2.3:o:linux:linux_kernel:6.0:rc4:*:*:*:*:*:*

References