CVE-2022-50018

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the ALSA (Advanced Linux Sound Architecture) in the Linux kernel, specifically with the HDAudio bus driver. When the early probe of the HDAudio bus driver fails, for example, due to a missing firmware file, the snd hda codec shutdown() function manipulates an uninitialized codec->pcm list head, causing a page fault. The initialization of the HDAudio codec in ASoC is split into two steps: snd hda codec device init() and snd hda codec device new(). If the firmware fails to load during the PCI's deferred initialization, no platform components are registered, but the HDAudio codec enumeration is still done, calling snd hda codec device init(). During a platform reboot, snd hda codec shutdown() is called for every codec found on the HDAudio bus, causing an oops if any of them has not completed both initialization steps.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.