CVE-2022-49493
📋 TL;DR
This CVE describes a use-after-free vulnerability in the Linux kernel's rt5645 audio codec driver. The improper cleanup order during device removal could allow attackers to trigger memory corruption, potentially leading to system crashes or privilege escalation. This affects Linux systems using the rt5645 audio hardware.
💻 Affected Systems
- Linux kernel with rt5645 audio codec driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic, system crash, or local privilege escalation to root if an attacker can trigger the race condition and execute arbitrary code.
Likely Case
System instability, kernel crashes, or denial of service affecting audio functionality.
If Mitigated
Minimal impact if proper access controls prevent unprivileged users from accessing audio device removal functions.
🎯 Exploit Status
Exploitation requires triggering a specific race condition during device removal, which requires local access and timing precision.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel versions containing the fix commits (061a6159cea583f1155f67d1915917a6b9282662 and related)
Vendor Advisory: https://git.kernel.org/stable/c/061a6159cea583f1155f67d1915917a6b9282662
Restart Required: No
Instructions:
1. Update Linux kernel to version containing the fix commits.
2. For distributions: Use package manager to update kernel package.
3. Rebuild kernel if using custom kernel with the fix patches applied.
🔧 Temporary Workarounds
Disable rt5645 module
Prevent loading of the vulnerable rt5645 kernel module
echo 'blacklist snd-soc-rt5645' >> /etc/modprobe.d/blacklist-rt5645.conf
rmmod snd-soc-rt5645
🧯 If You Can't Patch
- Restrict access to audio device management functions to privileged users only
- Monitor system logs for kernel crashes or audio device removal events
🔍 How to Verify
Check if Vulnerable:
Check whether the rt5645 module is loaded with lsmod | grep rt5645, and check the kernel version against the patched versions.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes the fix commits or is newer than vulnerable versions
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- Audio device removal errors in dmesg
- Use-after-free kernel warnings
Network Indicators:
- None - this is a local vulnerability
SIEM Query:
Search for kernel panic events or audio device removal errors in system logs
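A triage helper for the "How to Verify" checks and the log indicators above, as an added example that is not part of the advisory or the kernel project. The sample `lsmod` and kernel-log text is constructed and `example_work_fn` is a placeholder; the `install ... /bin/false` check is included because a `blacklist` line alone does not stop an explicit `modprobe` of the module.

```shell
#!/usr/bin/env bash
# Added example: triage helpers for CVE-2022-49493 (not from the advisory).
# Every function reads text on stdin, so it works on live output or saved evidence.

# Exit 0 if lsmod output on stdin lists the rt5645 codec module.
rt5645_loaded() {
    awk '$1 == "snd_soc_rt5645" { found = 1 } END { exit !found }'
}

# Classify modprobe.d content on stdin: none, blacklist-only, install-override.
# "blacklist" only stops alias autoloading; "install <mod> /bin/false" also
# stops explicit modprobe requests.
rt5645_block_mode() {
    awk '
        /^[[:space:]]*#/ { next }
        $1 == "blacklist" && $2 ~ /^snd[-_]soc[-_]rt5645$/ { bl = 1 }
        $1 == "install" && $2 ~ /^snd[-_]soc[-_]rt5645$/ && $3 ~ /(false|true)$/ { inst = 1 }
        END { print (inst ? "install-override" : (bl ? "blacklist-only" : "none")) }'
}

# Print kernel log lines on stdin that match the log indicators listed above.
scan_klog() {
    grep -E -i 'Kernel panic|KASAN: (slab-)?use-after-free|rt5645.*(error|fail)' || true
}

# Constructed sample inputs (not captured from a real system).
SAMPLE_LSMOD='Module                  Size  Used by
snd_soc_rt5645        172032  0
snd_soc_core          344064  1 snd_soc_rt5645'

SAMPLE_KLOG='[  811.902113] usb 1-2: new high-speed USB device number 5 using xhci_hcd
[  812.440871] BUG: KASAN: use-after-free in example_work_fn+0x2c/0x90
[  812.441950] Kernel panic - not syncing: Fatal exception'

# Run against the local system only when asked to.
if [ "${1:-}" = "--live" ]; then
    lsmod | rt5645_loaded && echo "rt5645 module is loaded"
    echo "modprobe block: $(cat /etc/modprobe.d/*.conf 2>/dev/null | rt5645_block_mode)"
    dmesg | scan_klog
fi
```

Run with `--live` on the host being checked; `dmesg` may require root depending on the `kernel.dmesg_restrict` setting.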
🔗 References
- https://git.kernel.org/stable/c/061a6159cea583f1155f67d1915917a6b9282662
- https://git.kernel.org/stable/c/0941150100173d4eaf3fe08ff4b16740e7c3026f
- https://git.kernel.org/stable/c/1a5a3dfd9f172dcb115072f0aea5e27d3083c20e
- https://git.kernel.org/stable/c/236d29c5857f02e0a53fdf15d3dce1536c4322ce
- https://git.kernel.org/stable/c/2def44d3aec59e38d2701c568d65540783f90f2f
- https://git.kernel.org/stable/c/453f0920ffc1a28e28ddb9c3cd5562472b2895b0
- https://git.kernel.org/stable/c/88c09e4812d72c3153afc8e5a45ecac2d0eae3ff
- https://git.kernel.org/stable/c/abe7554da62cb489712a54de69ef5665c250e564