CVE-2022-49291

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://git.kernel.org/stable/c/0090c13cbbdffd7da079ac56f80373a9a1be0bf8", "name": "https://git.kernel.org/stable/c/0090c13cbbdffd7da079ac56f80373a9a1be0bf8", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/0f6947f5f5208f6ebd4d76a82a4757e2839a23f8", "name": "https://git.kernel.org/stable/c/0f6947f5f5208f6ebd4d76a82a4757e2839a23f8", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/1bbf82d9f961414d6c76a08f7f843ea068e0ab7b", "name": "https://git.kernel.org/stable/c/1bbf82d9f961414d6c76a08f7f843ea068e0ab7b", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/33061d0fba51d2bf70a2ef9645f703c33fe8e438", "name": "https://git.kernel.org/stable/c/33061d0fba51d2bf70a2ef9645f703c33fe8e438", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/92ee3c60ec9fe64404dc035e7c41277d74aa26cb", "name": "https://git.kernel.org/stable/c/92ee3c60ec9fe64404dc035e7c41277d74aa26cb", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/9cb6c40a6ebe4a0cfc9d6a181958211682cffea9", "name": "https://git.kernel.org/stable/c/9cb6c40a6ebe4a0cfc9d6a181958211682cffea9", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/a42aa926843acca96c0dfbde2e835b8137f2f092", "name": "https://git.kernel.org/stable/c/a42aa926843acca96c0dfbde2e835b8137f2f092", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/fbeb492694ce0441053de57699e1e2b7bc148a69", "name": "https://git.kernel.org/stable/c/fbeb492694ce0441053de57699e1e2b7bc148a69", "tags": ["Patch"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: pcm: Fix races among concurrent hw_params and hw_free calls\n\nCurrently we have neither proper check nor protection against the\nconcurrent calls of PCM hw_params and hw_free ioctls, which may result\nin a UAF. Since the existing PCM stream lock can't be used for\nprotecting the whole ioctl operations, we need a new mutex to protect\nthose racy calls.\n\nThis patch introduced a new mutex, runtime->buffer_mutex, and applies\nit to both hw_params and hw_free ioctl code paths. Along with it, the\nboth functions are slightly modified (the mmap_count check is moved\ninto the state-check block) for code simplicity."}]}, "problemtype": {"problemtype_data": [{"description": []}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-49291", "ASSIGNER": "cve@kernel.org"}}, "impact": {}, "publishedDate": "2025-02-26T07:01Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.17.1", "versionStartIncluding": "5.17"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "4.19.243", "versionStartIncluding": "4.15"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.4.193", "versionStartIncluding": "4.20"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.10.109", "versionStartIncluding": "5.5"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.15.32", "versionStartIncluding": "5.11"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.16.18", "versionStartIncluding": "5.16"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "4.14.279"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-03-25T14:49Z"}