CVE-2022-49291
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2022-49291 is a vulnerability affecting the Linux kernel's ALSA (Advanced Linux Sound Architecture). The issue lies in the lack of proper checks and protection against concurrent calls of PCM (Pulse Code Modulation) hw_params and hw_free ioctls. These concurrent calls could result in a use-after-free (UAF) condition, potentially leading to arbitrary code execution or kernel crashes. To mitigate this risk, a new mutex, runtime->buffer_mutex, was introduced and applied to both hw_params and hw_free ioctl code paths. The functions were also modified for simplicity, with the mmap_count check moved into the state-check block.
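The locking pattern described in the summary, shown as an added user-space model in C. It is not kernel source and not code from this advisory. Only buffer_mutex and mmap_count are names from the summary; the struct, the state names and the model_* functions are hypothetical, and the state machine is simplified.

```c
/* User-space model added for illustration; NOT kernel source. Only
 * buffer_mutex and mmap_count are names taken from the advisory. */
#include <errno.h>
#include <pthread.h>
#include <stdlib.h>

enum pcm_state { ST_OPEN, ST_SETUP, ST_RUNNING };   /* simplified states */

struct runtime {
    pthread_mutex_t buffer_mutex; /* serializes hw_params against hw_free */
    enum pcm_state state;
    int mmap_count;               /* nonzero while the buffer is mapped */
    char *dma_area;               /* buffer that both paths may free */
};

/* State check and mmap_count check in one block; caller holds buffer_mutex. */
static int may_change_buffer(const struct runtime *r)
{
    return (r->state == ST_RUNNING || r->mmap_count) ? -EBADFD : 0;
}

int model_hw_params(struct runtime *r, size_t bytes)
{
    pthread_mutex_lock(&r->buffer_mutex);
    int err = may_change_buffer(r);
    if (!err) {
        free(r->dma_area);                 /* release any previous buffer */
        r->dma_area = calloc(1, bytes);
        r->state = r->dma_area ? ST_SETUP : ST_OPEN;
        if (!r->dma_area)
            err = -ENOMEM;
    }
    pthread_mutex_unlock(&r->buffer_mutex);
    return err;
}

int model_hw_free(struct runtime *r)
{
    pthread_mutex_lock(&r->buffer_mutex);
    int err = may_change_buffer(r);
    if (!err) {
        free(r->dma_area);
        r->dma_area = NULL;                /* no dangling pointer is left */
        r->state = ST_OPEN;
    }
    pthread_mutex_unlock(&r->buffer_mutex);
    return err;
}
```

Because the check and the free happen inside the same critical section, a second caller can never act on a state that the first caller is about to invalidate.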
Affected Products
- Linux Kernel
Affected Vendors
- LINUX