CVE-2022-50144

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel's SoundWire driver has been resolved. The issue arises when the driver's bind and unbind operations are not properly handled, leading to potential kernel crashes. Specifically, the SoundWire probe stores a pointer from the driver ops into the 'slave' structure, which can cause kernel oopses when unbinding codec drivers. The vulnerability can be triggered by removing machine drivers and codec drivers in a specific sequence. Technical details about the issue include the invocation of driver callbacks after the driver's remove operation, which can result in kernel NULL pointer dereferences. For example, the sdw handle slave status function and the cdns update slave status work workqueue are involved in the vulnerability.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.