{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-49498", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-02-26T02:08:31.586Z", "datePublished": "2025-02-26T02:13:32.895Z", "dateUpdated": "2025-02-26T02:13:32.895Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-02-26T02:13:32.895Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: pcm: Check for null pointer of pointer substream before dereferencing it\n\nPointer substream is being dereferenced on the assignment of pointer card\nbefore substream is being null checked with the macro PCM_RUNTIME_CHECK.\nAlthough PCM_RUNTIME_CHECK calls BUG_ON, it still is useful to perform the\nthe pointer check before card is assigned."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/core/pcm_memory.c"], "versions": [{"version": "95b30a4312545f2dde9db12bf6a425f35d5a0d77", "lessThan": "b2421a196cb0911ea95aec1050a0b830464c8fa6", "status": "affected", "versionType": "git"}, {"version": "d4cfb30fce03093ad944e0b44bd8f40bdad5330e", "lessThan": "f2c68c52898f623fe84518da4606538d193b0cca", "status": "affected", "versionType": "git"}, {"version": "d4cfb30fce03093ad944e0b44bd8f40bdad5330e", "lessThan": "7784d22f81a29df2ec57ca90d54f93a35cbcd1a2", "status": "affected", "versionType": "git"}, {"version": "d4cfb30fce03093ad944e0b44bd8f40bdad5330e", "lessThan": "1f2e28857be1e5c7db39bbc221332215fc5467e3", "status": "affected", "versionType": "git"}, {"version": "d4cfb30fce03093ad944e0b44bd8f40bdad5330e", "lessThan": "b41ef7ad9238c22aa2e142f5ce4ce1a1a0d48123", "status": "affected", "versionType": "git"}, {"version": "d4cfb30fce03093ad944e0b44bd8f40bdad5330e", "lessThan": "011b559be832194f992f73d6c0d5485f5925a10b", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/core/pcm_memory.c"], "versions": [{"version": "5.6", "status": "affected"}, {"version": "0", "lessThan": "5.6", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.121", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.46", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.17.14", "lessThanOrEqual": "5.17.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.18.3", "lessThanOrEqual": "5.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/b2421a196cb0911ea95aec1050a0b830464c8fa6"}, {"url": "https://git.kernel.org/stable/c/f2c68c52898f623fe84518da4606538d193b0cca"}, {"url": "https://git.kernel.org/stable/c/7784d22f81a29df2ec57ca90d54f93a35cbcd1a2"}, {"url": "https://git.kernel.org/stable/c/1f2e28857be1e5c7db39bbc221332215fc5467e3"}, {"url": "https://git.kernel.org/stable/c/b41ef7ad9238c22aa2e142f5ce4ce1a1a0d48123"}, {"url": "https://git.kernel.org/stable/c/011b559be832194f992f73d6c0d5485f5925a10b"}], "title": "ALSA: pcm: Check for null pointer of pointer substream before dereferencing it", "x_generator": {"engine": "bippy-5f407fcff5a0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A15DF1FA-9BBB-4490-9023-56F79F29AC6E", "versionEndExcluding": "5.10.121", "versionStartIncluding": "5.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "20D41697-0E8B-4B7D-8842-F17BF2AA21E1", "versionEndExcluding": "5.15.46", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "15E2DD33-2255-4B76-9C15-04FF8CBAB252", "versionEndExcluding": "5.17.14", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E122216-2E9E-4B3E-B7B8-D575A45BA3C2", "versionEndExcluding": "5.18.3", "versionStartIncluding": "5.18", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: pcm: Check for null pointer of pointer substream before dereferencing it\n\nPointer substream is being dereferenced on the assignment of pointer card\nbefore substream is being null checked with the macro PCM_RUNTIME_CHECK.\nAlthough PCM_RUNTIME_CHECK calls BUG_ON, it still is useful to perform the\nthe pointer check before card is assigned."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: pcm: Verificar si el puntero de la subsecuencia de puntero es nulo antes de desreferenciarlo La subsecuencia de puntero se desreferencia en la asignaci\u00f3n de la tarjeta de puntero antes de que la subsecuencia sea verificada como nula con la macro PCM_RUNTIME_CHECK. Aunque PCM_RUNTIME_CHECK llama a BUG_ON, sigue siendo \u00fatil realizar la verificaci\u00f3n del puntero antes de que se asigne la tarjeta."}], "id": "CVE-2022-49498", "lastModified": "2025-03-17T16:54:23.170", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-02-26T07:01:25.987", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/011b559be832194f992f73d6c0d5485f5925a10b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1f2e28857be1e5c7db39bbc221332215fc5467e3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7784d22f81a29df2ec57ca90d54f93a35cbcd1a2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b2421a196cb0911ea95aec1050a0b830464c8fa6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b41ef7ad9238c22aa2e142f5ce4ce1a1a0d48123"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f2c68c52898f623fe84518da4606538d193b0cca"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: ALSA: pcm: Check for null pointer of pointer substream before dereferencing it", "id": "2347969", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347969"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nALSA: pcm: Check for null pointer of pointer substream before dereferencing it\nPointer substream is being dereferenced on the assignment of pointer card\nbefore substream is being null checked with the macro PCM_RUNTIME_CHECK.\nAlthough PCM_RUNTIME_CHECK calls BUG_ON, it still is useful to perform the\nthe pointer check before card is assigned."], "name": "CVE-2022-49498", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-02-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-49498\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49498\nhttps://lore.kernel.org/linux-cve-announce/2025022607-CVE-2022-49498-dd18@gregkh/T"], "threat_severity": "Low"}