CVE-2022-49842 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: ASoC: core: Fix use-after-free in snd_soc_exit() KASAN reports a use-after-free: BUG: KASAN: use-after-free in device_del+0xb5b/0xc60 Read of size 8 at addr ffff888008655050 by task rmmod/387 CPU: 2 PID: 387 Comm: rmmod Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) Call Trace: <TASK> dump_stack_lvl+0x79/0x9a print_report+0x17f/0x47b kasan_report+0xbb/0xf0 device_del+0xb5b/0xc60 platform_device_del.part.0+0x24/0x200 platform_device_unregister+0x2e/0x40 snd_soc_exit+0xa/0x22 [snd_soc_core] __do_sys_delete_module.constprop.0+0x34f/0x5b0 do_syscall_64+0x3a/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd ... </TASK> It's bacause in snd_soc_init(), snd_soc_util_init() is possble to fail, but its ret is ignored, which makes soc_dummy_dev unregistered twice. snd_soc_init() snd_soc_util_init() platform_device_register_simple(soc_dummy_dev) platform_driver_register() # fail platform_device_unregister(soc_dummy_dev) platform_driver_register() # success ... snd_soc_exit() snd_soc_util_exit() # soc_dummy_dev will be unregistered for second time To fix it, handle error and stop snd_soc_init() when util_init() fail. Also clean debugfs when util_init() or driver_register() fail.

PUBLISHED Reserved 2025-05-01 | Published 2025-05-01 | Updated 2026-05-11 | Assigner Linux

Product status

Default status

unaffected

fb257897bf20c5f0e1df584bb5b874e811651263 (git) before 41fad4f712e081acdfde8b59847f9f66eaf407a0

affected

fb257897bf20c5f0e1df584bb5b874e811651263 (git) before 90bbdf30a51e42378cb23a312005a022794b8e1e

affected

fb257897bf20c5f0e1df584bb5b874e811651263 (git) before a3365e62239dc064019a244bde5686ac18527c22

affected

fb257897bf20c5f0e1df584bb5b874e811651263 (git) before 2ec3f558db343b045a7c7419cdbaec266b8ac1a7

affected

fb257897bf20c5f0e1df584bb5b874e811651263 (git) before 8d21554ec7680e9585fb852d933203c3db60dad1

affected

fb257897bf20c5f0e1df584bb5b874e811651263 (git) before 34eee4189bcebbd5f6a2ff25ef0cb893ad33d51e

affected

fb257897bf20c5f0e1df584bb5b874e811651263 (git) before c5674bd073c0fd9f620ca550c5ff08d0d429bdd9

affected

fb257897bf20c5f0e1df584bb5b874e811651263 (git) before 6ec27c53886c8963729885bcf2dd996eba2767a7

affected

Default status

affected

3.0

affected

Any version before 3.0

unaffected

4.9.334 (semver)

unaffected

4.14.300 (semver)

unaffected

4.19.267 (semver)

unaffected

5.4.225 (semver)

unaffected

5.10.156 (semver)

unaffected

5.15.80 (semver)

unaffected

6.0.10 (semver)

unaffected

6.1 (original_commit_for_fix)

unaffected

References

git.kernel.org/...c/41fad4f712e081acdfde8b59847f9f66eaf407a0

git.kernel.org/...c/90bbdf30a51e42378cb23a312005a022794b8e1e

git.kernel.org/...c/a3365e62239dc064019a244bde5686ac18527c22

git.kernel.org/...c/2ec3f558db343b045a7c7419cdbaec266b8ac1a7

git.kernel.org/...c/8d21554ec7680e9585fb852d933203c3db60dad1

git.kernel.org/...c/34eee4189bcebbd5f6a2ff25ef0cb893ad33d51e

git.kernel.org/...c/c5674bd073c0fd9f620ca550c5ff08d0d429bdd9

git.kernel.org/...c/6ec27c53886c8963729885bcf2dd996eba2767a7

cve.org (CVE-2022-49842)

nvd.nist.gov (CVE-2022-49842)

Download JSON