CVE-2022-49249
📋 TL;DR
This CVE describes an out-of-bounds array access vulnerability in the Linux kernel's wc938x audio codec driver. On ARM64 (aarch64) systems where sizeof(long) is 8 bytes but enum size is 4 bytes, using integers to access enums can cause memory corruption. This affects Linux systems with the wc938x driver loaded.
💻 Affected Systems
- Linux kernel with wc938x audio codec driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel memory corruption leading to system crash (kernel panic), privilege escalation, or arbitrary code execution in kernel context.
Likely Case
System instability, kernel crashes, or denial of service when the affected audio codec functionality is used.
If Mitigated
No impact if the wc938x driver is not loaded or if systems are patched.
🎯 Exploit Status
Exploitation requires local access or ability to trigger the vulnerable code path. The vulnerability is in a specific audio driver, limiting attack surface.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing the fix commits: adafea71b49ec4dbc44e0b84ec6eb602004a7a08, cc587b7c8fbbe128f6bd0dad025a0caea5e6d164, d09aee1b1da196be11ed86dd4897f228f2487613, f03c0c94186d5876857132d97e28f20cdc100bdc
Vendor Advisory: https://git.kernel.org/stable/c/adafea71b49ec4dbc44e0b84ec6eb602004a7a08
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution. 2. Rebuild kernel if using custom kernel. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable wc938x driver
LinuxPrevent loading of the vulnerable driver module
echo 'blacklist snd-soc-wc938x' >> /etc/modprobe.d/blacklist.conf
rmmod snd-soc-wc938x
🧯 If You Can't Patch
- Ensure wc938x driver is not loaded (check with lsmod)
- Restrict local user access to systems with vulnerable driver
🔍 How to Verify
Check if Vulnerable:
Check if wc938x driver is loaded: lsmod | grep wc938x AND check kernel version against patched versionsCheck Version:
uname -rVerify Fix Applied:
Verify kernel version is patched AND wc938x driver functions normally if needed📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- Ooops messages in dmesg
- Audio subsystem errors
Network Indicators:
- None - local vulnerability
SIEM Query:
Search for kernel panic or Oops messages containing wc938x or audio codec references