We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2022-49842

ASoC: core: Fix use-after-free in snd_soc_exit()



Description

In the Linux kernel, the following vulnerability has been resolved: ASoC: core: Fix use-after-free in snd_soc_exit() KASAN reports a use-after-free: BUG: KASAN: use-after-free in device_del+0xb5b/0xc60 Read of size 8 at addr ffff888008655050 by task rmmod/387 CPU: 2 PID: 387 Comm: rmmod Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) Call Trace: <TASK> dump_stack_lvl+0x79/0x9a print_report+0x17f/0x47b kasan_report+0xbb/0xf0 device_del+0xb5b/0xc60 platform_device_del.part.0+0x24/0x200 platform_device_unregister+0x2e/0x40 snd_soc_exit+0xa/0x22 [snd_soc_core] __do_sys_delete_module.constprop.0+0x34f/0x5b0 do_syscall_64+0x3a/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd ... </TASK> It's bacause in snd_soc_init(), snd_soc_util_init() is possble to fail, but its ret is ignored, which makes soc_dummy_dev unregistered twice. snd_soc_init() snd_soc_util_init() platform_device_register_simple(soc_dummy_dev) platform_driver_register() # fail platform_device_unregister(soc_dummy_dev) platform_driver_register() # success ... snd_soc_exit() snd_soc_util_exit() # soc_dummy_dev will be unregistered for second time To fix it, handle error and stop snd_soc_init() when util_init() fail. Also clean debugfs when util_init() or driver_register() fail.

Reserved 2025-05-01 | Published 2025-05-01 | Updated 2025-05-04 | Assigner Linux

Product status

Default status
unaffected

fb257897bf20c5f0e1df584bb5b874e811651263 before 41fad4f712e081acdfde8b59847f9f66eaf407a0
affected

fb257897bf20c5f0e1df584bb5b874e811651263 before 90bbdf30a51e42378cb23a312005a022794b8e1e
affected

fb257897bf20c5f0e1df584bb5b874e811651263 before a3365e62239dc064019a244bde5686ac18527c22
affected

fb257897bf20c5f0e1df584bb5b874e811651263 before 2ec3f558db343b045a7c7419cdbaec266b8ac1a7
affected

fb257897bf20c5f0e1df584bb5b874e811651263 before 8d21554ec7680e9585fb852d933203c3db60dad1
affected

fb257897bf20c5f0e1df584bb5b874e811651263 before 34eee4189bcebbd5f6a2ff25ef0cb893ad33d51e
affected

fb257897bf20c5f0e1df584bb5b874e811651263 before c5674bd073c0fd9f620ca550c5ff08d0d429bdd9
affected

fb257897bf20c5f0e1df584bb5b874e811651263 before 6ec27c53886c8963729885bcf2dd996eba2767a7
affected

Default status
affected

3.0
affected

Any version before 3.0
unaffected

4.9.334
unaffected

4.14.300
unaffected

4.19.267
unaffected

5.4.225
unaffected

5.10.156
unaffected

5.15.80
unaffected

6.0.10
unaffected

6.1
unaffected

References

git.kernel.org/...c/41fad4f712e081acdfde8b59847f9f66eaf407a0

git.kernel.org/...c/90bbdf30a51e42378cb23a312005a022794b8e1e

git.kernel.org/...c/a3365e62239dc064019a244bde5686ac18527c22

git.kernel.org/...c/2ec3f558db343b045a7c7419cdbaec266b8ac1a7

git.kernel.org/...c/8d21554ec7680e9585fb852d933203c3db60dad1

git.kernel.org/...c/34eee4189bcebbd5f6a2ff25ef0cb893ad33d51e

git.kernel.org/...c/c5674bd073c0fd9f620ca550c5ff08d0d429bdd9

git.kernel.org/...c/6ec27c53886c8963729885bcf2dd996eba2767a7

cve.org (CVE-2022-49842)

nvd.nist.gov (CVE-2022-49842)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2022-49842

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.