Bug 2320706 (CVE-2022-48994) - CVE-2022-48994 kernel: ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event
Status: NEW
Alias: CVE-2022-48994
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assignee: Product Security DevOps Team
Reported: 2024-10-21 21:04 UTC by OSIDB Bzimport
Modified: 2024-10-22 08:50 UTC (History)

Description OSIDB Bzimport 2024-10-21 21:04:01 UTC
In the Linux kernel, the following vulnerability has been resolved:

ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event

With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG),
indirect call targets are validated against the expected function
pointer prototype to make sure the call target is valid to help mitigate
ROP attacks. If they are not identical, there is a failure at run time,
which manifests as either a kernel panic or thread getting killed.

seq_copy_in_user() and seq_copy_in_kernel() did not have prototypes
matching snd_seq_dump_func_t. Adjust this and remove the casts. There
are no resulting binary output differences.

This was found as a result of Clang's new -Wcast-function-type-strict
flag, which is more sensitive than the simpler -Wcast-function-type,
which only checks for type width mismatches.

Comment 1 Avinash Hanwate 2024-10-22 07:25:09 UTC
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024102149-CVE-2022-48994-530f@gregkh/T
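
An added illustration of the prototype mismatch in the description above, not code from this bug report or from the upstream kernel patch. It is a userspace C model: `dump_func_t`, `copy_old`, `copy_fixed`, `expand_event` and their signatures are hypothetical stand-ins. It shows a callback whose prototype matches the pointer type exactly, next to a C11 `_Generic` check that flags the cast-only variant at compile time.

```c
#include <string.h>

/* Assumed model of the generic callback type; all names here are hypothetical. */
typedef int (*dump_func_t)(void *ptr, void *buf, int count);

/* Compile-time check: 1 only if f's type is compatible with dump_func_t. */
#define MATCHES_DUMP_FUNC(f) _Generic(&(f), dump_func_t: 1, default: 0)

/* "Before" shape: typed parameters, usable only through a (dump_func_t) cast.
 * Declared for the type check only; never defined or called. */
int copy_old(char **bufptr, const void *src, int size);

/* "After" shape: same prototype as dump_func_t, typed view recovered inside. */
static int copy_fixed(void *ptr, void *src, int size)
{
    char **bufptr = ptr;
    memcpy(*bufptr, src, (size_t)size);
    *bufptr += size;
    return 0;
}

/* Dispatcher: the indirect call a CFI scheme validates against dump_func_t. */
static int expand_event(char *data, int len, int chunk, dump_func_t func, void *priv)
{
    while (len > 0) {
        int n = len < chunk ? len : chunk;
        int err = func(priv, data, n);
        if (err < 0)
            return err;
        data += n;
        len -= n;
    }
    return 0;
}

int old_prototype_matches(void)   { return MATCHES_DUMP_FUNC(copy_old); }
int fixed_prototype_matches(void) { return MATCHES_DUMP_FUNC(copy_fixed); }

/* Copies a constructed payload via the callback; returns bytes written or -1. */
int run_copy(char *out, int out_len)
{
    static char payload[] = "constructed sample event data";
    char *cursor = out;
    int len = (int)sizeof(payload);
    if (out_len < len || expand_event(payload, len, 8, copy_fixed, &cursor) < 0)
        return -1;
    return (int)(cursor - out);
}

int main(void) { char out[64]; return run_copy(out, (int)sizeof(out)) == 30 ? 0 : 1; }
```

Placing `_Static_assert(MATCHES_DUMP_FUNC(copy_fixed), "...")` next to each callback turns the same check into a build failure instead of a run-time CFI trap.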
