Bug 2349258 (CVE-2022-49733) - CVE-2022-49733 kernel: ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC
Summary: CVE-2022-49733 kernel: ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC
Keywords:
Status: NEW
Alias: CVE-2022-49733
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2025-03-02 15:01 UTC by OSIDB Bzimport
Modified: 2025-03-03 09:15 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2025-03-02 15:01:06 UTC
In the Linux kernel, the following vulnerability has been resolved:

ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC

There is a small race window at snd_pcm_oss_sync() that is called from
OSS PCM SNDCTL_DSP_SYNC ioctl; namely the function calls
snd_pcm_oss_make_ready() at first, then takes the params_lock mutex
for the rest.  When the stream is set up again by another thread
between them, it leads to inconsistency, and may result in unexpected
results such as NULL dereference of OSS buffer as a fuzzer spotted
recently.

The fix is simply to cover snd_pcm_oss_make_ready() call into the same
params_lock mutex with snd_pcm_oss_make_ready_locked() variant.
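
The ordering problem described above, reduced to a single-threaded userspace C model (an added example, not the kernel patch and not code from this bug). The struct layout and the names `sync_racy`, `sync_fixed` and `other_thread_resetup` are hypothetical, and the second thread's interleaving is constructed so the outcome is deterministic.

```c
/* Added userspace model of the race; names are hypothetical, not kernel code. */
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct stream {
    atomic_flag params_lock; /* stands in for the params_lock mutex */
    bool need_setup;         /* true after the stream was set up again */
    char *buffer;            /* stands in for the OSS buffer */
    char storage[16];
};
static bool try_lock(struct stream *s) { return !atomic_flag_test_and_set(&s->params_lock); }
static void unlock(struct stream *s) { atomic_flag_clear(&s->params_lock); }

static void make_ready_locked(struct stream *s) { /* caller holds the lock */
    if (s->need_setup) { s->buffer = s->storage; s->need_setup = false; }
}
static void make_ready(struct stream *s) { /* takes and drops the lock itself */
    while (!try_lock(s)) { }
    make_ready_locked(s);
    unlock(s);
}
/* The second thread: sets the stream up again if it can take the lock. */
static bool other_thread_resetup(struct stream *s) {
    if (!try_lock(s)) return false; /* a real mutex would block here */
    s->buffer = NULL; s->need_setup = true;
    unlock(s);
    return true;
}
/* Both return 0 if the buffer is usable, -1 where a NULL dereference would occur. */
int sync_racy(void) {
    struct stream s = { ATOMIC_FLAG_INIT, true, NULL, {0} };
    make_ready(&s);              /* ready-check done, lock already dropped */
    other_thread_resetup(&s);    /* constructed interleaving: window is open */
    while (!try_lock(&s)) { }
    int ret = s.buffer ? 0 : -1; /* state no longer matches the check */
    unlock(&s);
    return ret;
}
int sync_fixed(void) {
    struct stream s = { ATOMIC_FLAG_INIT, true, NULL, {0} };
    while (!try_lock(&s)) { }
    make_ready_locked(&s);       /* ready-check under the same lock */
    other_thread_resetup(&s);    /* same instant: refused, lock is held */
    int ret = s.buffer ? 0 : -1;
    unlock(&s);
    return ret;
}
int main(void) { printf("racy=%d fixed=%d\n", sync_racy(), sync_fixed()); return 0; }
```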

Comment 1 Mauro Matteo Cascella 2025-03-03 09:10:02 UTC
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025030256-CVE-2022-49733-c0f1@gregkh/T

