Bug 2347842 (CVE-2022-49291) - CVE-2022-49291 kernel: ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
Summary: CVE-2022-49291 kernel: ALSA: pcm: Fix races among concurrent hw_params and hw...
Keywords:
Status: NEW
Alias: CVE-2022-49291
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-02-26 03:08 UTC by OSIDB Bzimport
Modified: 2025-03-20 18:24 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-02-26 03:08:39 UTC 
In the Linux kernel, the following vulnerability has been resolved:

ALSA: pcm: Fix races among concurrent hw_params and hw_free calls

Currently we have neither proper check nor protection against the
concurrent calls of PCM hw_params and hw_free ioctls, which may result
in a UAF.  Since the existing PCM stream lock can't be used for
protecting the whole ioctl operations, we need a new mutex to protect
those racy calls.

This patch introduced a new mutex, runtime->buffer_mutex, and applies
it to both hw_params and hw_free ioctl code paths.  Along with it, the
both functions are slightly modified (the mmap_count check is moved
into the state-check block) for code simplicity.
Comment 1 Avinash Hanwate 2025-02-26 20:10:30 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025022633-CVE-2022-49291-8c67@gregkh/T
Comment 4 Avinash Hanwate 2025-02-28 01:18:41 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025022633-CVE-2022-49291-8c67@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.