CVE-2022-48735 – This CVE describes a use-after-free vulnerabili... (How to Fix)

Q: What is the severity of CVE-2022-48735?

CVE-2022-48735 has a CVSS score of 7.8 (HIGH). This CVE describes a use-after-free vulnerability in the Linux kernel's ALSA HD-audio subsystem. When unbinding HD-audio codec drivers, the LED class devices can be accessed after being freed, potentially allowing local attackers to execute arbitrary code or crash the system. This affects Linux systems with HD-audio hardware and the vulnerable kernel versions.

📋 TL;DR

This CVE describes a use-after-free vulnerability in the Linux kernel's ALSA HD-audio subsystem. When unbinding HD-audio codec drivers, the LED class devices can be accessed after being freed, potentially allowing local attackers to execute arbitrary code or crash the system. This affects Linux systems with HD-audio hardware and the vulnerable kernel versions.

💻 Affected Systems

Products:

Linux kernel

Versions: Specific vulnerable kernel versions between the introduction of the bug and the fix (exact range depends on distribution backports)

Operating Systems: Linux distributions using affected kernel versions

Default Config Vulnerable: ⚠️ Yes

Notes: Requires HD-audio hardware and ALSA subsystem. The vulnerability is triggered during device unbinding operations.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation to kernel-level code execution, potentially leading to full system compromise.

🟠

Likely Case

Kernel panic or system crash causing denial of service.

🟢

If Mitigated

No impact if patched or if HD-audio hardware is not present.

🌐 Internet-Facing: LOW - Requires local access to exploit.

🏢 Internal Only: MEDIUM - Local attackers with user privileges could exploit this.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access and ability to trigger device unbinding. No public exploits known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with commit 0e629052f013eeb61494d4df2f1f647c2a9aef47 or later

Vendor Advisory: https://git.kernel.org/stable/c/0e629052f013eeb61494d4df2f1f647c2a9aef47

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution vendor. 2. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable HD-audio module

linux

Prevent loading of the vulnerable HD-audio module

echo 'blacklist snd-hda-intel' >> /etc/modprobe.d/blacklist.conf
update-initramfs -u
reboot

🧯 If You Can't Patch

Restrict local user access to systems with HD-audio hardware
Implement strict access controls and monitor for privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if HD-audio module is loaded: 'uname -r' and 'lsmod | grep snd_hda_intel'

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is patched and system remains stable during audio device operations

📡 Detection & Monitoring

Log Indicators:

Kernel panic logs
OOPs messages in dmesg
System crashes during audio device operations

Network Indicators:

None - local vulnerability only

SIEM Query:

Search for kernel panic events or privilege escalation attempts from local users

📊 Metadata

CVE ID: CVE-2022-48735

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-416

Published: June 20, 2024

Last Updated: May 23, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-48735, you might also want to check these: