{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-49733", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-02-26T02:21:30.449Z", "datePublished": "2025-03-02T14:30:02.838Z", "dateUpdated": "2025-03-02T14:30:02.838Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-03-02T14:30:02.838Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC\n\nThere is a small race window at snd_pcm_oss_sync() that is called from\nOSS PCM SNDCTL_DSP_SYNC ioctl; namely the function calls\nsnd_pcm_oss_make_ready() at first, then takes the params_lock mutex\nfor the rest. When the stream is set up again by another thread\nbetween them, it leads to inconsistency, and may result in unexpected\nresults such as NULL dereference of OSS buffer as a fuzzer spotted\nrecently.\n\nThe fix is simply to cover snd_pcm_oss_make_ready() call into the same\nparams_lock mutex with snd_pcm_oss_make_ready_locked() variant."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/core/oss/pcm_oss.c"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "4051324a6dafd7053c74c475e80b3ba10ae672b0", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "fce793a056c604b41a298317cf704dae255f1b36", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "8015ef9e8a0ee5cecfd0cb6805834d007ab26f86", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "723ac5ab2891b6c10dd6cc78ef5456af593490eb", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "8423f0b6d513b259fdab9c9bf4aaa6188d054c2d", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/core/oss/pcm_oss.c"], "versions": [{"version": "5.4.215", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.148", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.68", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.19.9", "lessThanOrEqual": "5.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/4051324a6dafd7053c74c475e80b3ba10ae672b0"}, {"url": "https://git.kernel.org/stable/c/fce793a056c604b41a298317cf704dae255f1b36"}, {"url": "https://git.kernel.org/stable/c/8015ef9e8a0ee5cecfd0cb6805834d007ab26f86"}, {"url": "https://git.kernel.org/stable/c/723ac5ab2891b6c10dd6cc78ef5456af593490eb"}, {"url": "https://git.kernel.org/stable/c/8423f0b6d513b259fdab9c9bf4aaa6188d054c2d"}], "title": "ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC", "x_generator": {"engine": "bippy-5f407fcff5a0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC\n\nThere is a small race window at snd_pcm_oss_sync() that is called from\nOSS PCM SNDCTL_DSP_SYNC ioctl; namely the function calls\nsnd_pcm_oss_make_ready() at first, then takes the params_lock mutex\nfor the rest. When the stream is set up again by another thread\nbetween them, it leads to inconsistency, and may result in unexpected\nresults such as NULL dereference of OSS buffer as a fuzzer spotted\nrecently.\n\nThe fix is simply to cover snd_pcm_oss_make_ready() call into the same\nparams_lock mutex with snd_pcm_oss_make_ready_locked() variant."}], "id": "CVE-2022-49733", "lastModified": "2025-03-02T15:15:11.480", "metrics": {}, "published": "2025-03-02T15:15:11.480", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4051324a6dafd7053c74c475e80b3ba10ae672b0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/723ac5ab2891b6c10dd6cc78ef5456af593490eb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8015ef9e8a0ee5cecfd0cb6805834d007ab26f86"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8423f0b6d513b259fdab9c9bf4aaa6188d054c2d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/fce793a056c604b41a298317cf704dae255f1b36"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{"bugzilla": {"description": "kernel: ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC", "id": "2349258", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349258"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC\nThere is a small race window at snd_pcm_oss_sync() that is called from\nOSS PCM SNDCTL_DSP_SYNC ioctl; namely the function calls\nsnd_pcm_oss_make_ready() at first, then takes the params_lock mutex\nfor the rest. When the stream is set up again by another thread\nbetween them, it leads to inconsistency, and may result in unexpected\nresults such as NULL dereference of OSS buffer as a fuzzer spotted\nrecently.\nThe fix is simply to cover snd_pcm_oss_make_ready() call into the same\nparams_lock mutex with snd_pcm_oss_make_ready_locked() variant."], "name": "CVE-2022-49733", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-03-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-49733\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49733\nhttps://lore.kernel.org/linux-cve-announce/2025030256-CVE-2022-49733-c0f1@gregkh/T"], "statement": "There is no known way to trigger the bug and some complex race condition should happen, so security impact limited.", "threat_severity": "Low"}