Use-After-Free Vulnerability in Linux Kernel ASoC Core Component
CVE-2022-49842

7.8 HIGH

Key Information:

Vendor: Linux
Status: Vendor
CVE Published: 1 May 2025

Summary

A use-after-free vulnerability was identified in the Linux kernel's ASoC core component. This issue arises during the initialization and exit processes of the sound system, specifically when the 'snd_soc_util_init()' function fails and the error is neglected. The failure leads to the 'soc_dummy_dev' being unregistered multiple times, triggering a use-after-free condition. This vulnerability may affect system stability and could be exploited in a way that compromises the integrity of kernel memory, resulting in unpredictable behavior or system crashes. The resolution involved proper error handling during initialization to prevent such occurrences.
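A user-space C model of the flaw described in the summary, added here as an illustration; it is not kernel source and not the upstream fix. Apart from the names taken from the summary, every identifier is hypothetical. The model assumes that the failing init step releases the device itself and that the exit path is only reachable when init reported success.

```c
#include <errno.h>
#include <stdio.h>

/* User-space model only; every name below is a hypothetical stand-in. */
static int dev_live;          /* 1 while the modelled soc_dummy_dev is registered */
static int stale_unregisters; /* unregister calls that hit an already released device */

static void dev_unregister(void)
{
    if (!dev_live) {          /* in the kernel this access would be the use-after-free */
        stale_unregisters++;
        return;
    }
    dev_live = 0;
}

/* Models snd_soc_util_init(): assumed to release the device itself when it fails. */
static int util_init(int inject_failure)
{
    dev_live = 1;
    if (inject_failure) {
        dev_unregister();
        return -ENOMEM;
    }
    return 0;
}

static void util_exit(void) { dev_unregister(); }

/* Before the fix: the return value is neglected and init reports success. */
static int core_init_buggy(int inject) { (void)util_init(inject); return 0; }

/* After the fix: the error is propagated, so the exit path never runs. */
static int core_init_fixed(int inject) { return util_init(inject); }

/* Load then unload; exit is only reachable when init returned 0. */
static int load_unload(int (*init)(int), int inject)
{
    dev_live = 0;
    stale_unregisters = 0;
    if (init(inject) == 0)
        util_exit();
    return stale_unregisters;
}

int main(void)
{
    printf("buggy init, failure injected: %d stale unregister(s)\n", load_unload(core_init_buggy, 1));
    printf("fixed init, failure injected: %d stale unregister(s)\n", load_unload(core_init_fixed, 1));
    return 0;
}
```

The same check applies when reviewing any module init routine: every sub-initializer that can fail needs its return value tested before init returns success.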

Affected Version(s)

Linux fb257897bf20c5f0e1df584bb5b874e811651263 < 41fad4f712e081acdfde8b59847f9f66eaf407a0

Linux fb257897bf20c5f0e1df584bb5b874e811651263 < 90bbdf30a51e42378cb23a312005a022794b8e1e

Linux fb257897bf20c5f0e1df584bb5b874e811651263

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
