CVE-2022-49842

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use-after-free issue has been identified in the Linux kernel, specifically in the ASoC core. The issue arises when snd soc util init() fails, but its return value is ignored, leading to soc dummy dev being unregistered twice. This results in a use-after-free error, as reported by KASAN. The error occurs in the device del() function and is triggered when the rmmod task attempts to delete a module. To fix this issue, the error handling in snd soc init() has been improved to stop initialization when util init() fails, and debugfs is cleaned when util init() or driver register() fails.

Recommendations To resolve this issue, update the Linux kernel to a version that includes the fix for the use-after-free error in the ASoC core. As a temporary workaround, consider disabling the snd soc exit() function until a patch is available. Additionally, restrict access to the vulnerable device del() function to minimize the risk of exploitation. Avoid using the platform device unregister() function with the soc dummy dev device until the issue is resolved.