Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() The voice allocator sometimes begins allocating from near the end of the array and then wraps around, however snd_emu10k1_pcm_channel_alloc() accesses the newly allocated voices as if it never wrapped around. This results in out of bounds access if the first voice has a high enough index so that first_voice + requested_voice_count > NUM_G (64). The more voices are requested, the more likely it is for this to occur. This was initially discovered using PipeWire, however it can be reproduced by calling aplay multiple times with 16 channels: aplay -r 48000 -D plughw:CARD=Live,DEV=3 -c 16 /dev/zero UBSAN: array-index-out-of-bounds in sound/pci/emu10k1/emupcm.c:127:40 index 65 is out of range for type 'snd_emu10k1_voice [64]' CPU: 1 PID: 31977 Comm: aplay Tainted: G W IOE 6.0.0-rc2-emu10k1+ #7 Hardware name: ASUSTEK COMPUTER INC P5W DH Deluxe/P5W DH Deluxe, BIOS 3002 07/22/2010 Call Trace: <TASK> dump_stack_lvl+0x49/0x63 dump_stack+0x10/0x16 ubsan_epilogue+0x9/0x3f __ubsan_handle_out_of_bounds.cold+0x44/0x49 snd_emu10k1_playback_hw_params+0x3bc/0x420 [snd_emu10k1] snd_pcm_hw_params+0x29f/0x600 [snd_pcm] snd_pcm_common_ioctl+0x188/0x1410 [snd_pcm] ? exit_to_user_mode_prepare+0x35/0x170 ? do_syscall_64+0x69/0x90 ? syscall_exit_to_user_mode+0x26/0x50 ? do_syscall_64+0x69/0x90 ? exit_to_user_mode_prepare+0x35/0x170 snd_pcm_ioctl+0x27/0x40 [snd_pcm] __x64_sys_ioctl+0x95/0xd0 do_syscall_64+0x5c/0x90 ? do_syscall_64+0x69/0x90 ? do_syscall_64+0x69/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | < 4.9.328 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/39a90720f3abe96625d1224e7a7463410875de4cPatch
- https://git.kernel.org/stable/c/4204a01ffce97cae1d59edc5848f02be5b2b9178Patch
- https://git.kernel.org/stable/c/45321a7d02b7cf9b3f97e3987fc1e4d649b82da2Patch
- https://git.kernel.org/stable/c/45814a53514e10a8014906c882e0d0d38df39cc1Patch
- https://git.kernel.org/stable/c/637c5310acb48fffcc5657568db3f3e9bc719bfaPatch
- https://git.kernel.org/stable/c/6b0e260ac3cf289e38446552461caa65e6dab275Patch
- https://git.kernel.org/stable/c/88aac6684cf8bc885cca15463cb4407e91f28ff7Patch
- https://git.kernel.org/stable/c/d29f59051d3a07b81281b2df2b8c9dfe4716067fPatch
- https://git.kernel.org/stable/c/39a90720f3abe96625d1224e7a7463410875de4cPatch
- https://git.kernel.org/stable/c/4204a01ffce97cae1d59edc5848f02be5b2b9178Patch
- https://git.kernel.org/stable/c/45321a7d02b7cf9b3f97e3987fc1e4d649b82da2Patch
- https://git.kernel.org/stable/c/45814a53514e10a8014906c882e0d0d38df39cc1Patch
- https://git.kernel.org/stable/c/637c5310acb48fffcc5657568db3f3e9bc719bfaPatch
- https://git.kernel.org/stable/c/6b0e260ac3cf289e38446552461caa65e6dab275Patch
- https://git.kernel.org/stable/c/88aac6684cf8bc885cca15463cb4407e91f28ff7Patch
FAQ
What is CVE-2022-48702?
CVE-2022-48702 is a vulnerability with a CVSS score of 7.8 (HIGH). In the Linux kernel, the following vulnerability has been resolved: ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() The voice allocator sometimes begins allocating from ne...
How severe is CVE-2022-48702?
CVE-2022-48702 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-48702?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.