Bug 2347885 (CVE-2022-49045)
| Summary: | CVE-2022-49045 kernel: ALSA: pcm: Test for "silence" field in struct "pcm_format_data" | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | dfreiber, drow, jburrell, vkumar |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
[REJECTED CVE] CVE-2022-49045 pertains to a vulnerability identified in the Linux kernel's Advanced Linux Sound Architecture (ALSA) subsystem, specifically within the PCM (Pulse Code Modulation) component. The issue stemmed from insufficient validation of the "silence" field in the pcm_format_data structure. This oversight could lead to a null pointer dereference during certain audio operations, potentially causing a system crash.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
OSIDB Bzimport
2025-02-26 03:10:11 UTC
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2025022650-CVE-2022-49045-7d21@gregkh/T This CVE has been rejected upstream: https://lore.kernel.org/linux-cve-announce/2025030209-REJECTED-33ef@gregkh/ |