2347885 – (CVE-2022-49045) CVE-2022-49045 kernel: ALSA: pcm: Test for "silence" field in struct "pcm_format_data"

Bug 2347885 (CVE-2022-49045) - CVE-2022-49045 kernel: ALSA: pcm: Test for "silence" field in struct "pcm_format_data"

Summary: CVE-2022-49045 kernel: ALSA: pcm: Test for "silence" field in struct "pcm_for...

Keywords:
Status:	NEW
Alias:	CVE-2022-49045
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-02-26 03:10 UTC by OSIDB Bzimport
Modified:	2025-05-16 05:59 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-02-26 03:10:11 UTC

In the Linux kernel, the following vulnerability has been resolved:

ALSA: pcm: Test for "silence" field in struct "pcm_format_data"

Syzbot reports "KASAN: null-ptr-deref Write in
snd_pcm_format_set_silence".[1]

It is due to missing validation of the "silence" field of struct
"pcm_format_data" in "pcm_formats" array.

Add a test for valid "pat" and, if it is not so, return -EINVAL.

[1] https://lore.kernel.org/lkml/000000000000d188ef05dc2c7279@google.com/

Comment 1 Avinash Hanwate 2025-02-26 21:04:49 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025022650-CVE-2022-49045-7d21@gregkh/T

Comment 4 TEJ RATHI 2025-05-16 05:59:04 UTC

This CVE has been rejected upstream: https://lore.kernel.org/linux-cve-announce/2025030209-REJECTED-33ef@gregkh/

Note You need to log in before you can comment on or make changes to this bug.