Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: ALSA: jack: Access input_dev under mutex It is possible when using ASoC that input_dev is unregistered while calling snd_jack_report, which causes NULL pointer dereference. In order to prevent this serialize access to input_dev using mutex lock.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | < 4.9.318 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/1b6a6fc5280e97559287b61eade2d4b363e836f2Patch
- https://git.kernel.org/stable/c/582aea6084cc59fec881204f026816d1219f2348Patch
- https://git.kernel.org/stable/c/5cc6f623f4818c7d7e9e966a45ebf324901ca9c5Patch
- https://git.kernel.org/stable/c/74bab3bcf422593c582e47130aa8eb41ebb2dc09Patch
- https://git.kernel.org/stable/c/8487a88136d54a1a4d3f26f1399685db648ab879Patch
- https://git.kernel.org/stable/c/9e6a73b0c0f2014eb89249fb1640c5a3d58221c4Patch
- https://git.kernel.org/stable/c/c093b62c40027c21d649c5534ad7aa3605a99b00Patch
- https://git.kernel.org/stable/c/e2b8681769f6e205382f026b907d28aa5ec9d59aPatch
- https://git.kernel.org/stable/c/f68bed124c7699e23ffb4ce4fcc84671e9193cdePatch
FAQ
What is CVE-2022-49538?
CVE-2022-49538 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: ALSA: jack: Access input_dev under mutex It is possible when using ASoC that input_dev is unregistered while calling snd_jack_repo...
How severe is CVE-2022-49538?
CVE-2022-49538 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-49538?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.