CVE-2022-3170

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to an out-of-bounds access in the Linux kernel sound subsystem, specifically with the get ctl id hash() function. This occurs when the id->name parameter does not end with a null character (0). A local user with privileges could potentially exploit this by passing a specially crafted name through the ioctl() system call, leading to a system crash or possible privilege escalation.

Recommendations For Linux kernel, as a temporary workaround, consider restricting access to the ioctl() interface until a patch is available. Avoid using the id->name parameter in the affected sound subsystem until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.