CVE-2022-49291
📋 TL;DR
This CVE describes a race condition in the Linux kernel's ALSA PCM subsystem in which concurrent hw_params and hw_free ioctl calls can lead to a use-after-free (UAF). An attacker could potentially exploit this to crash the system or execute arbitrary code with kernel privileges. All Linux systems running an affected kernel version with the ALSA sound subsystem are vulnerable.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel privilege escalation leading to full system compromise, arbitrary code execution, or persistent rootkit installation.
Likely Case
Kernel panic or system crash causing denial of service, potentially requiring physical access to restart.
If Mitigated
No impact if patched or if ALSA subsystem is not in use.
🎯 Exploit Status
Exploitation requires local access and ability to trigger concurrent ioctl calls. Race conditions are timing-sensitive and difficult to exploit reliably.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Multiple stable kernel versions with commits: 0090c13cbbdffd7da079ac56f80373a9a1be0bf8, 0f6947f5f5208f6ebd4d76a82a4757e2839a23f8, 1bbf82d9f961414d6c76a08f7f843ea068e0ab7b, 33061d0fba51d2bf70a2ef9645f703c33fe8e438, 92ee3c60ec9fe64404dc035e7c41277d74aa26cb
Vendor Advisory: https://git.kernel.org/stable/c/
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution's repositories.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.
🔧 Temporary Workarounds
Disable ALSA sound subsystem
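Linux: remove or blacklist ALSA kernel modules if sound functionality is not required
# 'blacklist' only stops alias-based autoloading; the 'install' line also blocks snd_pcm when it is pulled in as a dependency
echo 'blacklist snd' >> /etc/modprobe.d/blacklist.conf
echo 'install snd_pcm /bin/false' >> /etc/modprobe.d/blacklist.conf
update-initramfs -u  # Debian/Ubuntu; other distributions use their own initramfs tool
reboot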
🧯 If You Can't Patch
- Restrict user access to sound devices via permissions (chmod 600 /dev/snd/*)
- Implement strict access controls and monitor for suspicious sound-related system calls
🔍 How to Verify
Check if Vulnerable:
Check kernel version and compare with distribution's security advisories. Vulnerable if using unpatched kernel with ALSA support.
Check Version:
uname -r
Verify Fix Applied:
Check kernel version after update: uname -r should show patched version. Verify ALSA modules still function if needed.
📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages
- System crashes/panics
- Unexpected ALSA-related errors in dmesg
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("ALSA" OR "snd" OR "sound") AND ("panic" OR "oops" OR "BUG")
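Evaluated line by line, the query above cannot match a crash whose header ("BUG", "Oops") and ALSA stack frames are printed on different lines, and a substring match on "bug" also fires on "debug". The following is an added example, not part of the original advisory, that correlates crash headers with sound-subsystem lines in the same report; the dmesg excerpt is constructed, and the 2-second window, the function names and the per-line substring reading of the query are assumptions.

```python
import re

# Constructed dmesg excerpt (not from a real system).
SAMPLE = [
    "[   10.500000] snd_hda_intel 0000:00:1f.3: debug: codec probe done",
    "[  300.000100] BUG: unable to handle page fault for address: ffff888012345678",
    "[  300.000200] Oops: 0002 [#1] SMP",
    "[  300.000300] Call Trace:",
    "[  300.000400]  snd_pcm_hw_free+0x3a/0x60 [snd_pcm]",
    "[  900.000000] BUG: scheduling while atomic: kworker/0:1/42/0x00000002",
    "[  900.000100]  ext4_writepages+0x1b0/0x9c0",
]

SUBSYS = re.compile(r"\b(ALSA|snd\w*|sound)\b", re.IGNORECASE)
CRASH = re.compile(r"\b(BUG|Oops|[Pp]anic)\b")  # case-sensitive: skips "debug"
STAMP = re.compile(r"^\[\s*(\d+\.\d+)\]\s?(.*)$")
WINDOW = 2.0  # assumed: seconds within which one crash report is printed


def naive_query(lines):
    """The page's query applied per line as case-insensitive substrings."""
    def has(line, terms):
        return any(t in line.lower() for t in terms)
    return [l for l in lines
            if has(l, ("alsa", "snd", "sound")) and has(l, ("panic", "oops", "bug"))]


def find_alsa_crashes(lines):
    """Crash headers whose surrounding report mentions the sound subsystem."""
    records = [(float(m.group(1)), m.group(2))
               for m in map(STAMP.match, lines) if m]
    hits, next_i = [], 0
    for i, (ts, msg) in enumerate(records):
        if i < next_i or not CRASH.search(msg):
            continue
        report = []
        for t, m in records[i:]:
            if not 0 <= t - ts <= WINDOW:  # also stops at a timestamp reset
                break
            report.append(m)
        if any(SUBSYS.search(m) for m in report):
            hits.append(msg)
            next_i = i + len(report)  # one alert per report, not per line
    return hits


if __name__ == "__main__":
    print("naive:", naive_query(SAMPLE))
    print("correlated:", find_alsa_crashes(SAMPLE))
```

On the sample, the per-line query returns only the benign driver debug line, while the correlated check reports the page-fault header once and ignores the unrelated scheduler BUG.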
🔗 References
- https://git.kernel.org/stable/c/0090c13cbbdffd7da079ac56f80373a9a1be0bf8
- https://git.kernel.org/stable/c/0f6947f5f5208f6ebd4d76a82a4757e2839a23f8
- https://git.kernel.org/stable/c/1bbf82d9f961414d6c76a08f7f843ea068e0ab7b
- https://git.kernel.org/stable/c/33061d0fba51d2bf70a2ef9645f703c33fe8e438
- https://git.kernel.org/stable/c/92ee3c60ec9fe64404dc035e7c41277d74aa26cb
- https://git.kernel.org/stable/c/9cb6c40a6ebe4a0cfc9d6a181958211682cffea9
- https://git.kernel.org/stable/c/a42aa926843acca96c0dfbde2e835b8137f2f092
- https://git.kernel.org/stable/c/fbeb492694ce0441053de57699e1e2b7bc148a69