CVE-2022-48992
📋 TL;DR
This CVE-2022-48992 is a NULL pointer dereference vulnerability in the Linux kernel's ASoC (ALSA System on Chip) subsystem. It allows local attackers to cause a kernel panic (denial of service) by triggering a specific condition in the dpcm_be_reparent function. This affects systems running vulnerable Linux kernel versions with ASoC audio components.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Local attacker triggers kernel panic leading to system crash and denial of service, potentially causing data loss or service disruption.
Likely Case
Local user or process causes system crash through fuzzing or malformed audio operations, resulting in temporary denial of service.
If Mitigated
System remains stable as the NULL check prevents dereferencing, with no security impact beyond normal operation.
🎯 Exploit Status
Discovered during fuzzing tests. Requires local access and specific conditions to trigger the NULL pointer dereference.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions with commits 0760acc2e6598ad4f7bd3662db2d907ef0838139 or later
Vendor Advisory: https://git.kernel.org/stable/c/0760acc2e6598ad4f7bd3662db2d907ef0838139
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution. 2. For custom kernels, apply the NULL check patch to soc/soc-pcm.c. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable ASoC audio subsystem
linuxRemove or disable ASoC kernel modules to prevent exploitation
modprobe -r snd_soc_core
echo 'blacklist snd_soc_core' >> /etc/modprobe.d/blacklist.conf
🧯 If You Can't Patch
- Restrict local user access to systems with vulnerable kernels
- Implement strict process isolation and resource limits to minimize impact
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if ASoC modules are loaded: 'uname -r' and 'lsmod | grep snd_soc'Check Version:
uname -rVerify Fix Applied:
Verify kernel version is patched and check for NULL pointer checks in soc-pcm source code📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in /var/log/kern.log or dmesg
- NULL pointer dereference errors in kernel logs
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND "NULL pointer dereference" AND "soc-pcm"🔗 References
- https://git.kernel.org/stable/c/0760acc2e6598ad4f7bd3662db2d907ef0838139
- https://git.kernel.org/stable/c/34a9796bf0684bfd54e96a142560d560c21c983b
- https://git.kernel.org/stable/c/9f74b9aa8d58c18927bb9b65dd5ba70a5fd61615
- https://git.kernel.org/stable/c/d4dd21a79dbb862d2ebcf9ed90e646416009ff0d
- https://git.kernel.org/stable/c/db8f91d424fe0ea6db337aca8bc05908bbce1498
- https://git.kernel.org/stable/c/e7166d6821c15f3516bcac8ae3f155924da1908c
- https://git.kernel.org/stable/c/f2ba66d8738584d124aff4e760ed1337f5f6dfb6
- https://git.kernel.org/stable/c/f6f45e538328df9ce66aa61bafee1a5717c4b700
