CVE-2022-50229

7.8 HIGH

📋 TL;DR

This is a use-after-free vulnerability in the Linux kernel's ALSA bcd2000 driver that occurs during device probe failure. When the driver fails to register a sound card, it frees a USB request block (URB) before stopping it, so the URB can still be accessed after it has been freed. This can allow attackers to potentially execute arbitrary code or crash the system. It affects Linux systems using the bcd2000 audio driver.

💻 Affected Systems

Products:
  • Linux kernel with ALSA bcd2000 driver
Versions: Linux kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions with vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when the snd-bcd2000 module is loaded, typically when a BCD2000 USB audio device is connected. Most systems won't have this driver loaded by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case: Local attacker gains kernel-level code execution, leading to full system compromise, privilege escalation, or persistent root access.

🟠 Likely Case: Kernel panic or system crash causing denial of service, potentially requiring physical or remote console access to reboot.

🟢 If Mitigated: System remains stable with no impact if the vulnerable driver isn't loaded or the specific hardware isn't connected.

🌐 Internet-Facing: LOW - Requires local access to trigger the vulnerability through USB device interaction.
🏢 Internal Only: MEDIUM - Local users with physical or USB access could exploit this to crash systems or potentially escalate privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and ability to trigger the probe failure condition, which may involve USB device manipulation. No public exploits have been reported.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in Linux kernel stable releases via commits: 05e0bb8c3c4dde3e21b9c1cf9395afb04e8b24db, 1d6a246cf97c380f2da76591f03019dd9c9599c3, 348620464a5c127399ac09b266f494f393661952, 4fc41f7ebb7efca282f1740ea934d16f33c1d109, 5e7338f4dd92b2f8915a82abfa1dd3ad3464bea0

Vendor Advisory: https://git.kernel.org/stable/c/05e0bb8c3c4dde3e21b9c1cf9395afb04e8b24db

Restart Required: Yes

Instructions:

1. Update Linux kernel to a version containing the fix commits.
2. For distributions: Use package manager (apt/yum/dnf) to update kernel package.
3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Blacklist bcd2000 driver

linux

Prevent loading of the vulnerable driver module

echo 'blacklist snd-bcd2000' >> /etc/modprobe.d/blacklist-bcd2000.conf
update-initramfs -u
reboot

Disable USB audio device access

linux

Restrict USB device access to prevent triggering the vulnerability

echo 'SUBSYSTEM=="usb", ATTR{idVendor}=="1397", ATTR{idProduct}=="00b1", MODE="0000"' > /etc/udev/rules.d/99-disable-bcd2000.rules
udevadm control --reload-rules

🧯 If You Can't Patch

  • Ensure no BCD2000 USB audio devices are connected to vulnerable systems
  • Implement strict USB device policies to prevent unauthorized device connections

🔍 How to Verify

Check if Vulnerable:

Check whether the snd-bcd2000 module is loaded: lsmod | grep snd_bcd2000. If it is loaded and the kernel version predates the fix, the system is vulnerable.

Check Version:

uname -r

Verify Fix Applied:

Check that the kernel version includes the fix commits or is from after October 2022. Verify with uname -r and compare against your distribution's patched kernel versions.
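
The module check above, combined with the blacklist workaround, as an added shell example (not part of the original advisory). The function names and the parameterised paths are assumptions made for illustration; the script also recognises an "install snd-bcd2000 /bin/false" line, a standard modprobe technique that the advisory does not list.

```sh
#!/bin/sh
# Added example: report exposure to the snd-bcd2000 probe bug on this host.
# File locations are parameters so the logic can be run on constructed
# files; the defaults are the real locations on a running system.

# Succeed if the module is listed in a /proc/modules-style file. The kernel
# spells it snd_bcd2000, while modprobe config may use snd-bcd2000.
bcd2000_loaded() {
    grep -Eq '^snd_bcd2000 ' "${1:-/proc/modules}" 2>/dev/null
}

# Print how modprobe configuration restricts the module:
#   install   - "install snd-bcd2000 /bin/false" (explicit loads fail too)
#   blacklist - "blacklist snd-bcd2000" (blocks alias-based autoload only)
#   none      - no restriction found
bcd2000_policy() {
    dir="${1:-/etc/modprobe.d}"
    conf=$(cat "$dir"/*.conf 2>/dev/null || true)
    mod='snd[-_]bcd2000'
    if printf '%s\n' "$conf" |
        grep -Eq "^[[:space:]]*install[[:space:]]+$mod[[:space:]]+/bin/(false|true)"; then
        echo install
    elif printf '%s\n' "$conf" |
        grep -Eq "^[[:space:]]*blacklist[[:space:]]+$mod([[:space:]]|\$)"; then
        echo blacklist
    else
        echo none
    fi
}

# One verdict line: module state plus the configured restriction.
bcd2000_exposure() {
    policy=$(bcd2000_policy "$2")
    if bcd2000_loaded "$1"; then
        echo "loaded policy=$policy"
    else
        echo "not-loaded policy=$policy"
    fi
}

bcd2000_exposure   # defaults: /proc/modules and /etc/modprobe.d
```

A result of "loaded policy=blacklist" means the restriction was added after the module was already in memory; it takes effect only once the module is unloaded or the system is rebooted.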

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • KASAN use-after-free reports mentioning bcd2000_input_complete
  • USB device probe failure logs for BCD2000

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

source="kernel" AND ("bcd2000" OR "use-after-free" OR "KASAN")
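
An added example (not from the original advisory) that narrows the broad query above to events involving the driver itself: KASAN use-after-free reports in bcd2000 code and bcd2000 probe failures. The log lines are constructed samples and the function names are illustrative.

```sh
#!/bin/sh
# Added example: triage a kernel log for the indicators listed above,
# dropping KASAN reports that belong to other modules.

# Constructed sample kernel log (not captured from a real system).
sample_log() {
cat <<'EOF'
[  101.100000] usb 1-1: new full-speed USB device number 5 using xhci_hcd
[  101.300000] snd-bcd2000 1-1:1.0: snd-bcd2000: error during probing
[  101.300900] BUG: KASAN: use-after-free in bcd2000_input_complete+0x1f/0x2e0 [snd_bcd2000]
[  101.301200] Read of size 8 at addr ffff888000000000 by task swapper/0/0
[  250.000000] BUG: KASAN: use-after-free in other_func+0x10/0x40 [other_mod]
EOF
}

# Read a kernel log on stdin and print one tag per relevant event:
#   PROBE_FAIL            a bcd2000 line reporting a probe error or failure
#   KASAN_UAF <function>  a KASAN use-after-free report in bcd2000 code
# Newer kernels label heap cases "slab-use-after-free"; both are accepted.
bcd2000_triage() {
    awk '
    /BUG: KASAN: (slab-)?use-after-free in / {
        if ($0 ~ /bcd2000/ && match($0, /free in [A-Za-z0-9_.]+/))
            print "KASAN_UAF " substr($0, RSTART + 8, RLENGTH - 8)
        next
    }
    {
        line = tolower($0)
        if (line ~ /bcd2000/ && line ~ /prob/ && line ~ /error|fail/)
            print "PROBE_FAIL"
    }'
}

# Verdict: "uaf-after-probe-failure" when a bcd2000 KASAN report follows a
# probe failure in the same log, otherwise the strongest single signal.
bcd2000_verdict() {
    bcd2000_triage | awk '
    /^PROBE_FAIL/ { pf = 1 }
    /^KASAN_UAF/  { uaf = 1; if (pf) chained = 1 }
    END {
        if (chained)  print "uaf-after-probe-failure"
        else if (uaf) print "uaf"
        else if (pf)  print "probe-failure"
        else          print "clean"
    }'
}

sample_log | bcd2000_verdict
```

On a live system the same functions can read the kernel ring buffer, for example: dmesg | bcd2000_verdict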
