PT-2022-4776 · Linux+9 · Linux Kernel+9

Hu Jiahui

Published

2022-03-22

Updated

2026-02-04

CVE-2022-1048

CVSS v3.1

7.0

High

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the sound subsystem of the Linux kernel and involves incorrect handling of concurrent PCM hw params calls. This can allow an attacker to access confidential data, compromise data integrity, and cause a denial of service. A local user can potentially crash the system or escalate their privileges due to a use-after-free flaw in the sound subsystem. The flaw occurs when a user triggers concurrent calls of PCM hw params, leading to a race condition inside ALSA PCM for other ioctls.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Race Condition

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362CWE-416

Related Identifiers

ALSA-2022:7444

ALSA-2022:7683

ALSA-2022:7933

ALSA-2022:8267

ALT-PU-2022-1647

ALT-PU-2022-1730

ALT-PU-2022-1768

ALT-PU-2022-2155

ALT-PU-2023-1684

ALT-PU-2023-1741

ALT-PU-2023-1814

ALT-PU-2023-4894

AZL-9644

BDU:2022-05717

CESA-2022_7444

CESA-2022_7683

CVE-2022-1048

DSA-5127-1

DSA-5173-1

MGASA-2022-0121

MGASA-2022-0122

OESA-2022-1727

OPENSUSE-SU-2022_1163-1

OPENSUSE-SU-2022_1183-1

OPENSUSE-SU-2022_1256-1

OPENSUSE-SU-2025_1263-1

RHSA-2022:7444

RHSA-2022:7683

RHSA-2022:7933

RHSA-2022:8267

RHSA-2022_7444

RHSA-2022_7683

RHSA-2022_7933

RHSA-2022_8267

RHSA-2024:4107

RLSA-2022:7444

RLSA-2022:7683

SUSE-SU-2022:1163-1

SUSE-SU-2022:1183-1

SUSE-SU-2022:1196-1

SUSE-SU-2022:1197-1

SUSE-SU-2022:1255-1

SUSE-SU-2022:1256-1

SUSE-SU-2022:1257-1

SUSE-SU-2022:1266-1

SUSE-SU-2022:1267-1

SUSE-SU-2022:1270-1

SUSE-SU-2022:1283-1

SUSE-SU-2022:1402-1

SUSE-SU-2022:1407-1

SUSE-SU-2022:1939-1

SUSE-SU-2022:1942-1

SUSE-SU-2022:1945-1

SUSE-SU-2022:1947-1

SUSE-SU-2022:1948-1

SUSE-SU-2022:1955-1

SUSE-SU-2022:1974-1

SUSE-SU-2022:2000-1

SUSE-SU-2022:2006-1

SUSE-SU-2022_1945-1

SUSE-SU-2022_1947-1

SUSE-SU-2022_1948-1

SUSE-SU-2022_1955-1

SUSE-SU-2022_1974-1

SUSE-SU-2022_2000-1

SUSE-SU-2022_2006-1

SUSE-SU-2023:0416-1

SUSE-SU-2025:0983-1

SUSE-SU-2025:1027-1

SUSE-SU-2025:1176-1

SUSE-SU-2025:1183-1

SUSE-SU-2025:1194-1

SUSE-SU-2025:1241-1

SUSE-SU-2025:1263-1

SUSE-SU-2025:1293-1

SUSE-SU-2025_0983-1

SUSE-SU-2025_1027-1

SUSE-SU-2025_1241-1

SUSE-SU-2025_1263-1

SUSE-SU-2025_1293-1

SUSE-SU-2026:0385-1

USN-5381-1

USN-5469-1

USN-5560-1

USN-5560-2

USN-5562-1

USN-5582-1

USN-5856-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Linux Kernel

Red Hat

Rocky Linux

Suse

Ubuntu

PT-2022-4776 · Linux+9 · Linux Kernel+9

CVE-2022-1048

Weakness Enumeration

Related Identifiers

Affected Products

References · 2059