CVE-2022-49288
CVE-2022-49288 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. In the Linux kernel, the following vulnerability has been resolved: "ALSA: pcm: Fix races among concurrent prealloc proc writes". We have no protection against concurrent PCM buffer preallocation changes via proc files, and it may potentially lead to UAF or some weird problem. This patch applies the PCM open_mutex to the proc write operation for avoiding the racy proc writes and the PCM stream open (and further operations). EPSS estimates a 0.26% chance of exploitation in the next 30 days.
Description
In the Linux kernel, the following vulnerability has been resolved:

ALSA: pcm: Fix races among concurrent prealloc proc writes

We have no protection against concurrent PCM buffer preallocation changes via proc files, and it may potentially lead to UAF or some weird problem. This patch applies the PCM open_mutex to the proc write operation for avoiding the racy proc writes and the PCM stream open (and further operations).
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | < 4.14.279 |
| Linux | Linux Kernel | >= 4.15, < 4.19.243 |
| Linux | Linux Kernel | >= 4.20, < 5.4.193 |
| Linux | Linux Kernel | >= 5.5, < 5.10.109 |
| Linux | Linux Kernel | >= 5.11, < 5.15.32 |
| Linux | Linux Kernel | >= 5.16, < 5.16.18 |
| Linux | Linux Kernel | >= 5.17, < 5.17.1 |
Timeline
- Published
- Last Modified
- Status: Analyzed
Source: NVD / NIST
