CVE-2022-48994

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue concerns a function prototype mismatch in the snd seq expand var event function within the ALSA seq module of the Linux kernel. This mismatch can lead to a failure at runtime, manifesting as either a kernel panic or a thread being killed, when using Clang's kernel control flow integrity (kCFI, CONFIG CFI CLANG) to validate indirect call targets against expected function pointer prototypes. The functions seq copy in user() and seq copy in kernel() did not have prototypes matching snd seq dump func t, which has been adjusted and the casts removed, with no resulting binary output differences. This was discovered using Clang's new -Wcast-function-type-strict flag.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.