CVE-2022-49733

CVSS 3.1 Score 4.7 of 10 (medium)

Details

Published: Mar 2, 2025
Updated: Mar 5, 2025
CWE ID 476
CWE ID 362

Summary

CVE-2022-49733 is a vulnerability in the Linux kernel's ALSA (Advanced Linux Sound Architecture) component, in the oss driver of the pcm subsystem. It is a race condition in snd_pcm_oss_sync(), which is called during the execution of the OSS PCM SNDCTL_DSP_SYNC ioctl. The race window comes from the order of the calls: snd_pcm_oss_make_ready() is called first, and only afterwards is the params_lock mutex acquired. If another thread sets up the stream between these two steps, the stream state becomes inconsistent and the system may encounter unexpected results, such as NULL dereferences of OSS buffers. The vulnerability was discovered through fuzzing. The fix runs the readiness step under the params_lock mutex by replacing the snd_pcm_oss_make_ready() call with snd_pcm_oss_make_ready_locked().
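A userspace model of the ordering problem described above, added here as an illustration; it is not the kernel's code. Only params_lock comes from the summary; the struct, the function names and the deterministic stand-in for the second thread are assumptions.

```c
/* Userspace model, not kernel code; names other than params_lock are
 * hypothetical. The "second thread" is a plain call at the racy point. */
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
struct stream {
    pthread_mutex_t params_lock;
    int params_valid;            /* 0: setup must be redone */
    char *buffer;                /* stands in for the OSS buffer */
};

/* Caller holds params_lock: rebuild the buffer if setup is stale. */
static int make_ready_locked(struct stream *s) {
    if (!s->params_valid) {
        free(s->buffer);
        if (!(s->buffer = calloc(1, 64))) return -1;
        s->params_valid = 1;
    }
    return 0;
}
/* Unlocked variant: takes and drops params_lock on its own. */
static int make_ready(struct stream *s) {
    pthread_mutex_lock(&s->params_lock);
    int err = make_ready_locked(s);
    pthread_mutex_unlock(&s->params_lock);
    return err;
}
/* What a concurrent setup does: invalidate the stream under the lock. */
static void concurrent_setup(struct stream *s) {
    pthread_mutex_lock(&s->params_lock);
    free(s->buffer); s->buffer = NULL; s->params_valid = 0;
    pthread_mutex_unlock(&s->params_lock);
}
/* Returns 0 if the buffer is valid while locked, -1 if it is NULL. */
static int sync_model(int fixed) {
    struct stream s = { PTHREAD_MUTEX_INITIALIZER, 0, NULL };
    if (!fixed) make_ready(&s);          /* pre-fix: check before locking */
    concurrent_setup(&s);                /* lands in the race window */
    pthread_mutex_lock(&s.params_lock);
    if (fixed) make_ready_locked(&s);    /* post-fix: check under the lock */
    int usable = s.buffer != NULL;       /* real code would dereference here */
    pthread_mutex_unlock(&s.params_lock);
    free(s.buffer);
    return usable ? 0 : -1;
}
int main(void) {
    printf("pre-fix: %d, post-fix: %d\n", sync_model(0), sync_model(1));
    return 0;
}
```

In the pre-fix ordering the readiness check has already passed when the concurrent setup invalidates the stream, so the locked section sees a NULL buffer; in the post-fix ordering the check and the use sit under the same lock hold.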
