CVE-2022-49842

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-49842
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49842.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-49842
Published
2025-05-01T14:09:57.711Z
Modified
2025-11-28T02:34:08.956191Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
ASoC: core: Fix use-after-free in snd_soc_exit()
Details

In the Linux kernel, the following vulnerability has been resolved:

ASoC: core: Fix use-after-free in snd_soc_exit()

KASAN reports a use-after-free:

BUG: KASAN: use-after-free in device_del+0xb5b/0xc60
Read of size 8 at addr ffff888008655050 by task rmmod/387
CPU: 2 PID: 387 Comm: rmmod
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
Call Trace:
<TASK>
 dump_stack_lvl+0x79/0x9a
 print_report+0x17f/0x47b
 kasan_report+0xbb/0xf0
 device_del+0xb5b/0xc60
 platform_device_del.part.0+0x24/0x200
 platform_device_unregister+0x2e/0x40
 snd_soc_exit+0xa/0x22 [snd_soc_core]
 __do_sys_delete_module.constprop.0+0x34f/0x5b0
 do_syscall_64+0x3a/0x90
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
 ...
</TASK>

It's because in snd_soc_init(), snd_soc_util_init() is possible to fail, but its ret is ignored, which makes soc_dummy_dev unregistered twice.

snd_soc_init()
    snd_soc_util_init()
        platform_device_register_simple(soc_dummy_dev)
        platform_driver_register() # fail
            platform_device_unregister(soc_dummy_dev)
    platform_driver_register() # success
...
snd_soc_exit()
    snd_soc_util_exit() # soc_dummy_dev will be unregistered for second time

To fix it, handle error and stop snd_soc_init() when util_init() fails. Also clean debugfs when util_init() or driver_register() fail.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49842.json"
}

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
fb257897bf20c5f0e1df584bb5b874e811651263
Fixed
41fad4f712e081acdfde8b59847f9f66eaf407a0
Fixed
90bbdf30a51e42378cb23a312005a022794b8e1e
Fixed
a3365e62239dc064019a244bde5686ac18527c22
Fixed
2ec3f558db343b045a7c7419cdbaec266b8ac1a7
Fixed
8d21554ec7680e9585fb852d933203c3db60dad1
Fixed
34eee4189bcebbd5f6a2ff25ef0cb893ad33d51e
Fixed
c5674bd073c0fd9f620ca550c5ff08d0d429bdd9
Fixed
6ec27c53886c8963729885bcf2dd996eba2767a7

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.0.0
Fixed
4.9.334
Type
ECOSYSTEM
Events
Introduced
4.10.0
Fixed
4.14.300
Type
ECOSYSTEM
Events
Introduced
4.15.0
Fixed
4.19.267
Type
ECOSYSTEM
Events
Introduced
4.20.0
Fixed
5.4.225
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.156
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.80
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.0.10