CVE-2022-48701
📋 TL;DR
This CVE describes an out-of-bounds read vulnerability in the Linux kernel's USB audio subsystem. When parsing interface descriptors from malicious USB audio devices, the kernel can read beyond allocated memory boundaries. This affects Linux systems with USB audio support enabled.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash, denial of service, or potential information disclosure from kernel memory
Likely Case
System crash or instability when connecting a malicious USB audio device
If Mitigated
No impact if the vulnerable code path is not triggered by connecting malicious USB devices
🎯 Exploit Status
Exploitation requires physical access or ability to connect a malicious USB device; no authentication needed once device is connected
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions with commits: 0492798bf8dfcc09c9337a1ba065da1d1ca68712, 2a308e415d247a23d4d64c964c02e782eede2936, 6123bec8480d23369e2ee0b2208611619f269faf, 8293e61bbf908b18ff9935238d4fc2ad359e3fe0, 91904870370fd986c29719846ed76d559de43251
Vendor Advisory: https://git.kernel.org/stable/c/0492798bf8dfcc09c9337a1ba065da1d1ca68712
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution's repositories. 2. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable USB audio support
linuxRemove or disable the vulnerable kernel module
sudo rmmod snd-usb-audio
echo 'blacklist snd-usb-audio' | sudo tee /etc/modprobe.d/blacklist-usb-audio.conf
Restrict USB device connections
linuxUse USBGuard or similar to control which USB devices can connect
sudo apt install usbguard
sudo systemctl enable --now usbguard
🧯 If You Can't Patch
- Implement strict physical security controls to prevent unauthorized USB device connections
- Disable USB ports via BIOS/UEFI or physically block unused USB ports
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if snd-usb-audio module is loaded: lsmod | grep snd_usb_audioCheck Version:
uname -rVerify Fix Applied:
Check kernel version is patched and verify the module loads without issues📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages in /var/log/kern.log or dmesg
- System crashes when USB audio devices are connected
Network Indicators:
- No network indicators - local vulnerability only
SIEM Query:
Search for kernel panic or oops messages containing 'usb-audio' or 'snd_usb_audio'🔗 References
- https://git.kernel.org/stable/c/0492798bf8dfcc09c9337a1ba065da1d1ca68712
- https://git.kernel.org/stable/c/2a308e415d247a23d4d64c964c02e782eede2936
- https://git.kernel.org/stable/c/6123bec8480d23369e2ee0b2208611619f269faf
- https://git.kernel.org/stable/c/8293e61bbf908b18ff9935238d4fc2ad359e3fe0
- https://git.kernel.org/stable/c/91904870370fd986c29719846ed76d559de43251
- https://git.kernel.org/stable/c/98e8e67395cc6d0cdf3a771f86ea42d0ee6e59dd
- https://git.kernel.org/stable/c/b970518014f2f0f6c493fb86c1e092b936899061
- https://git.kernel.org/stable/c/e53f47f6c1a56d2af728909f1cb894da6b43d9bf
- https://git.kernel.org/stable/c/0492798bf8dfcc09c9337a1ba065da1d1ca68712
- https://git.kernel.org/stable/c/2a308e415d247a23d4d64c964c02e782eede2936
- https://git.kernel.org/stable/c/6123bec8480d23369e2ee0b2208611619f269faf
- https://git.kernel.org/stable/c/8293e61bbf908b18ff9935238d4fc2ad359e3fe0
- https://git.kernel.org/stable/c/91904870370fd986c29719846ed76d559de43251
- https://git.kernel.org/stable/c/98e8e67395cc6d0cdf3a771f86ea42d0ee6e59dd
- https://git.kernel.org/stable/c/b970518014f2f0f6c493fb86c1e092b936899061
- https://git.kernel.org/stable/c/e53f47f6c1a56d2af728909f1cb894da6b43d9bf
