CVE-2022-49248

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-49248
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49248.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-49248
Related
Published
2025-02-26T07:01:01Z
Modified
2025-02-26T19:01:34.419387Z
Downstream
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction

AV/C deferred transaction was supported at a commit 00a7bb81c20f ("ALSA: firewire-lib: Add support for deferred transaction") while 'deferrable' flag can be uninitialized for non-control/notify AV/C transactions. UBSAN reports it:

kernel: ================================================================================ kernel: UBSAN: invalid-load in /build/linux-aa0B4d/linux-5.15.0/sound/firewire/fcp.c:363:9 kernel: load of value 158 is not a valid value for type 'Bool' kernel: CPU: 3 PID: 182227 Comm: irq/35-firewire Tainted: P OE 5.15.0-18-generic #18-Ubuntu kernel: Hardware name: Gigabyte Technology Co., Ltd. AX370-Gaming 5/AX370-Gaming 5, BIOS F42b 08/01/2019 kernel: Call Trace: kernel: <IRQ> kernel: showstack+0x52/0x58 kernel: dumpstacklvl+0x4a/0x5f kernel: dumpstack+0x10/0x12 kernel: ubsanepilogue+0x9/0x45 kernel: _ubsanhandleloadinvalidvalue.cold+0x44/0x49 kernel: fcpresponse.part.0.cold+0x1a/0x2b [sndfirewirelib] kernel: fcpresponse+0x28/0x30 [sndfirewirelib] kernel: fwcorehandlerequest+0x230/0x3d0 [firewirecore] kernel: handlearpacket+0x1d9/0x200 [firewireohci] kernel: ? handlearpacket+0x1d9/0x200 [firewireohci] kernel: ? transmitcompletecallback+0x9f/0x120 [firewirecore] kernel: arcontexttasklet+0xa8/0x2e0 [firewireohci] kernel: taskletactioncommon.constprop.0+0xea/0xf0 kernel: taskletaction+0x22/0x30 kernel: _dosoftirq+0xd9/0x2e3 kernel: ? irqfinalizeoneshot.part.0+0xf0/0xf0 kernel: dosoftirq+0x75/0xa0 kernel: </IRQ> kernel: <TASK> kernel: _localbhenableip+0x50/0x60 kernel: irqforcedthreadfn+0x7e/0x90 kernel: irqthread+0xba/0x190 kernel: ? irqthreadfn+0x60/0x60 kernel: kthread+0x11e/0x140 kernel: ? irqthreadcheckaffinity+0xf0/0xf0 kernel: ? setkthreadstruct+0x50/0x50 kernel: retfromfork+0x22/0x30 kernel: </TASK> kernel: ================================================================================

This commit fixes the bug. The bug has no disadvantage for the non- control/notify AV/C transactions since the flag has an effect for AV/C response with INTERIM (0x0f) status which is not used for the transactions in AV/C general specification.

References

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.113-1

Affected versions

5.*

5.10.46-4
5.10.46-5
5.10.70-1~bpo10+1
5.10.70-1
5.10.84-1
5.10.92-1~bpo10+1
5.10.92-1
5.10.92-2
5.10.103-1~bpo10+1
5.10.103-1
5.10.106-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.17.3-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.17.3-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}