{
  "threat_severity" : "Moderate",
  "public_date" : "2025-02-26T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: ALSA: pcm: Fix races among concurrent hw_params and hw_free calls",
    "id" : "2347842",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2347842"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.4",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-416",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nALSA: pcm: Fix races among concurrent hw_params and hw_free calls\nCurrently we have neither proper check nor protection against the\nconcurrent calls of PCM hw_params and hw_free ioctls, which may result\nin a UAF.  Since the existing PCM stream lock can't be used for\nprotecting the whole ioctl operations, we need a new mutex to protect\nthose racy calls.\nThis patch introduced a new mutex, runtime->buffer_mutex, and applies\nit to both hw_params and hw_free ioctl code paths.  Along with it, the\nboth functions are slightly modified (the mmap_count check is moved\ninto the state-check block) for code simplicity." ],
  "statement" : "The bug is that concurrent calls of PCM hw_params and hw_free ioctls may result in a use-after-free. There is no known vector of attack and attack complexity is high. To trigger the bug user need to have privileges for calling these ioctls. The security impact is limited.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
    "release_date" : "2024-06-26T00:00:00Z",
    "advisory" : "RHSA-2024:4107",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.6",
    "package" : "kernel-0:4.18.0-372.109.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
    "release_date" : "2024-06-26T00:00:00Z",
    "advisory" : "RHSA-2024:4107",
    "cpe" : "cpe:/o:redhat:rhel_tus:8.6",
    "package" : "kernel-0:4.18.0-372.109.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
    "release_date" : "2024-06-26T00:00:00Z",
    "advisory" : "RHSA-2024:4107",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.6",
    "package" : "kernel-0:4.18.0-372.109.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2022-11-15T00:00:00Z",
    "advisory" : "RHSA-2022:8267",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-162.6.1.el9_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2022-11-15T00:00:00Z",
    "advisory" : "RHSA-2022:8267",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-162.6.1.el9_1"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-49291\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49291\nhttps://lore.kernel.org/linux-cve-announce/2025022633-CVE-2022-49291-8c67@gregkh/T" ],
  "name" : "CVE-2022-49291",
  "mitigation" : {
    "value" : "To mitigate this issue, prevent module snd from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
    "lang" : "en:us"
  },
  "csaw" : false
}