Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix races among concurrent prealloc proc writes We have no protection against concurrent PCM buffer preallocation changes via proc files, and it may potentially lead to UAF or some weird problem. This patch applies the PCM open_mutex to the proc write operation for avoiding the racy proc writes and the PCM stream open (and further operations).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | < 4.14.279 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/37b12c16beb6f6c1c3c678c1aacbc46525c250f7Patch
- https://git.kernel.org/stable/c/51fce708ab8986a9879ee5da946a2cc120f1036dPatch
- https://git.kernel.org/stable/c/5ed8f8e3c4e59d0396b9ccf2e639711e24295bb6Patch
- https://git.kernel.org/stable/c/69534c48ba8ce552ce383b3dfdb271ffe51820c3Patch
- https://git.kernel.org/stable/c/a21d2f323b5a978dedf9ff1d50f101f85e39b3f2Patch
- https://git.kernel.org/stable/c/b560d670c87d7d40b3cf6949246fa4c7aa65a00aPatch
- https://git.kernel.org/stable/c/e14dca613e0a6ddc2bf6e360f16936a9f865205bPatch
- https://git.kernel.org/stable/c/e7786c445bb67a9a6e64f66ebd6b7215b153ff7dPatch
FAQ
What is CVE-2022-49288?
CVE-2022-49288 is a vulnerability with a CVSS score of 7.8 (HIGH). In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix races among concurrent prealloc proc writes We have no protection against concurrent PCM buffer preallocation chang...
How severe is CVE-2022-49288?
CVE-2022-49288 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-49288?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.