CVE-2022-48735
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-48735
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48735.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-48735
- Downstream
- Related
- Published
- 2024-06-20T11:13:22.065Z
- Modified
- 2025-11-28T08:25:29.034431Z
- Summary
- ALSA: hda: Fix UAF of leds class devs at unbinding
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
ALSA: hda: Fix UAF of leds class devs at unbinding
The LED class devices that are created by HD-audio codec drivers are registered via devmledclassdevregister() and associated with the HD-audio codec device. Unfortunately, it turned out that the devres release doesn't work for this case; namely, since the codec resource release happens before the devm call chain, it triggers a NULL dereference or a UAF for a stale setbrightness_delay callback.
For fixing the bug, this patch changes the LED class device register and unregister in a manual manner without devres, keeping the instances in hdagenspec.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48735.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/0e629052f013eeb61494d4df2f1f647c2a9aef47
- https://git.kernel.org/stable/c/549f8ffc7b2f7561bea7f90930b6c5104318e87b
- https://git.kernel.org/stable/c/813e9f3e06d22e29872d4fd51b54992d89cf66c8
- https://git.kernel.org/stable/c/a7de1002135cf94367748ffc695a29812d7633b5
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48735.json
- https://nvd.nist.gov/vuln/detail/CVE-2022-48735
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced15509b6344726de22bdbfff88b65341dd0dd33afFixeda7de1002135cf94367748ffc695a29812d7633b5Fixed0e629052f013eeb61494d4df2f1f647c2a9aef47Fixed813e9f3e06d22e29872d4fd51b54992d89cf66c8Fixed549f8ffc7b2f7561bea7f90930b6c5104318e87b
Affected versions
v5.*
v5.10
v5.10-rc1
v5.10-rc2
v5.10-rc3
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.10.1
v5.10.10
v5.10.11
v5.10.12
v5.10.13
v5.10.14
v5.10.15
v5.10.16
v5.10.17
v5.10.18
v5.10.19
v5.10.2
v5.10.20
v5.10.21
v5.10.22
v5.10.23
v5.10.24
v5.10.25
v5.10.26
v5.10.27
v5.10.28
v5.10.29
v5.10.3
v5.10.30
v5.10.31
v5.10.32
v5.10.33
v5.10.34
v5.10.35
v5.10.36
v5.10.37
v5.10.38
v5.10.39
v5.10.4
v5.10.40
v5.10.41
v5.10.42
v5.10.43
v5.10.44
v5.10.45
v5.10.46
v5.10.47
v5.10.48
v5.10.49
v5.10.5
v5.10.50
v5.10.51
v5.10.52
v5.10.53
v5.10.54
v5.10.55
v5.10.56
v5.10.57
v5.10.58
v5.10.59
v5.10.6
v5.10.60
v5.10.61
v5.10.62
v5.10.63
v5.10.64
v5.10.65
v5.10.66
v5.10.67
v5.10.68
v5.10.69
v5.10.7
v5.10.70
v5.10.71
v5.10.72
v5.10.73
v5.10.74
v5.10.75
v5.10.76
v5.10.77
v5.10.78
v5.10.79
v5.10.8
v5.10.80
v5.10.81
v5.10.82
v5.10.83
v5.10.84
v5.10.85
v5.10.86
v5.10.87
v5.10.88
v5.10.89
v5.10.9
v5.10.90
v5.10.91
v5.10.92
v5.10.93
v5.10.94
v5.10.95
v5.10.96
v5.10.97
v5.10.98
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.3
v5.15.4
v5.15.5
v5.15.6
v5.15.7
v5.15.8
v5.15.9
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.16.1
v5.16.2
v5.16.3
v5.16.4
v5.16.5
v5.16.6
v5.16.7
v5.17-rc1
v5.8
v5.8-rc2
v5.8-rc3
v5.8-rc4
v5.8-rc5
v5.8-rc6
v5.8-rc7
v5.9
v5.9-rc1
v5.9-rc2
v5.9-rc3
v5.9-rc4
v5.9-rc5
v5.9-rc6
v5.9-rc7
v5.9-rc8
Database specific
vanir_signatures
[
{
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "sound/pci/hda/hda_generic.h"
},
"digest": {
"line_hashes": [
"287946398366646535304305511602276171769",
"186726818127005174799047158528110156081",
"40871500212247995285396332034699325439",
"63638610238423829348168783871448135630"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a7de1002135cf94367748ffc695a29812d7633b5",
"id": "CVE-2022-48735-42d85328"
},
{
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "sound/pci/hda/hda_generic.c"
},
"digest": {
"line_hashes": [
"131530112744212879788111335518103206194",
"141725475931968866401361422903265270738",
"246906190310278524156471923129147172096",
"239150808338679207290099727059746752643",
"315318835758111652429161374456836440858",
"179421879942944414447834249705096013105",
"75695735743014228719455789911483261865",
"289541232838596340339245217372833533806",
"56508326807173479142684078065569437056",
"206314381687275845766694143923982473028",
"138391746026349481231114462488251128476",
"183940433156152667863487178556288107036",
"44195800771529828357384321369167850465",
"222841955626809444355207532465215750059",
"218558306415114513058463906811487588395"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0e629052f013eeb61494d4df2f1f647c2a9aef47",
"id": "CVE-2022-48735-5caacfce"
},
{
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "create_mute_led_cdev",
"file": "sound/pci/hda/hda_generic.c"
},
"digest": {
"function_hash": "228033602481531605612249612111400712238",
"length": 573.0
},
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0e629052f013eeb61494d4df2f1f647c2a9aef47",
"id": "CVE-2022-48735-66a14193"
},
{
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "snd_hda_gen_spec_free",
"file": "sound/pci/hda/hda_generic.c"
},
"digest": {
"function_hash": "299285315173819463448583479216405124564",
"length": 160.0
},
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0e629052f013eeb61494d4df2f1f647c2a9aef47",
"id": "CVE-2022-48735-9a167e7d"
},
{
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "snd_hda_gen_spec_free",
"file": "sound/pci/hda/hda_generic.c"
},
"digest": {
"function_hash": "299285315173819463448583479216405124564",
"length": 160.0
},
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a7de1002135cf94367748ffc695a29812d7633b5",
"id": "CVE-2022-48735-9b687c82"
},
{
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "sound/pci/hda/hda_generic.h"
},
"digest": {
"line_hashes": [
"287946398366646535304305511602276171769",
"186726818127005174799047158528110156081",
"40871500212247995285396332034699325439",
"63638610238423829348168783871448135630"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@813e9f3e06d22e29872d4fd51b54992d89cf66c8",
"id": "CVE-2022-48735-a9605b35"
},
{
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "sound/pci/hda/hda_generic.c"
},
"digest": {
"line_hashes": [
"131530112744212879788111335518103206194",
"141725475931968866401361422903265270738",
"246906190310278524156471923129147172096",
"239150808338679207290099727059746752643",
"315318835758111652429161374456836440858",
"179421879942944414447834249705096013105",
"75695735743014228719455789911483261865",
"289541232838596340339245217372833533806",
"56508326807173479142684078065569437056",
"206314381687275845766694143923982473028",
"138391746026349481231114462488251128476",
"183940433156152667863487178556288107036",
"44195800771529828357384321369167850465",
"249939781681471711412416381190004539015",
"238556041243057846483245049097443779611"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a7de1002135cf94367748ffc695a29812d7633b5",
"id": "CVE-2022-48735-b4d5adc9"
},
{
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "create_mute_led_cdev",
"file": "sound/pci/hda/hda_generic.c"
},
"digest": {
"function_hash": "228033602481531605612249612111400712238",
"length": 573.0
},
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a7de1002135cf94367748ffc695a29812d7633b5",
"id": "CVE-2022-48735-c5d58831"
},
{
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "snd_hda_gen_spec_free",
"file": "sound/pci/hda/hda_generic.c"
},
"digest": {
"function_hash": "299285315173819463448583479216405124564",
"length": 160.0
},
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@813e9f3e06d22e29872d4fd51b54992d89cf66c8",
"id": "CVE-2022-48735-ce29530a"
},
{
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "create_mute_led_cdev",
"file": "sound/pci/hda/hda_generic.c"
},
"digest": {
"function_hash": "228033602481531605612249612111400712238",
"length": 573.0
},
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@813e9f3e06d22e29872d4fd51b54992d89cf66c8",
"id": "CVE-2022-48735-d41191f4"
},
{
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "sound/pci/hda/hda_generic.h"
},
"digest": {
"line_hashes": [
"287946398366646535304305511602276171769",
"186726818127005174799047158528110156081",
"40871500212247995285396332034699325439",
"63638610238423829348168783871448135630"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0e629052f013eeb61494d4df2f1f647c2a9aef47",
"id": "CVE-2022-48735-dde896d5"
},
{
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "sound/pci/hda/hda_generic.c"
},
"digest": {
"line_hashes": [
"131530112744212879788111335518103206194",
"141725475931968866401361422903265270738",
"246906190310278524156471923129147172096",
"239150808338679207290099727059746752643",
"315318835758111652429161374456836440858",
"179421879942944414447834249705096013105",
"75695735743014228719455789911483261865",
"289541232838596340339245217372833533806",
"56508326807173479142684078065569437056",
"206314381687275845766694143923982473028",
"138391746026349481231114462488251128476",
"183940433156152667863487178556288107036",
"44195800771529828357384321369167850465",
"222841955626809444355207532465215750059",
"218558306415114513058463906811487588395"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@813e9f3e06d22e29872d4fd51b54992d89cf66c8",
"id": "CVE-2022-48735-f845bd9f"
}
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48735.json"