Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC There is a small race window at snd_pcm_oss_sync() that is called from OSS PCM SNDCTL_DSP_SYNC ioctl; namely the function calls snd_pcm_oss_make_ready() at first, then takes the params_lock mutex for the rest. When the stream is set up again by another thread between them, it leads to inconsistency, and may result in unexpected results such as NULL dereference of OSS buffer as a fuzzer spotted recently. The fix is simply to cover snd_pcm_oss_make_ready() call into the same params_lock mutex with snd_pcm_oss_make_ready_locked() variant.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | < 5.4.215 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/4051324a6dafd7053c74c475e80b3ba10ae672b0Patch
- https://git.kernel.org/stable/c/723ac5ab2891b6c10dd6cc78ef5456af593490ebPatch
- https://git.kernel.org/stable/c/8015ef9e8a0ee5cecfd0cb6805834d007ab26f86Patch
- https://git.kernel.org/stable/c/8423f0b6d513b259fdab9c9bf4aaa6188d054c2dPatch
- https://git.kernel.org/stable/c/fce793a056c604b41a298317cf704dae255f1b36Patch
FAQ
What is CVE-2022-49733?
CVE-2022-49733 is a vulnerability with a CVSS score of 4.7 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC There is a small race window at snd_pcm_oss_sync() that is called from OSS PCM SNDCTL_...
How severe is CVE-2022-49733?
CVE-2022-49733 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-49733?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.