CVE-2022-50229

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use-after-free (UAF) bug has been identified in the Linux kernel's ALSA (Advanced Linux Sound Architecture) component, specifically in the bcd2000 driver. This issue occurs when the driver fails to register a sound card during the probing process, leading to the premature freeing of the midi out urb resource before it is properly terminated. This can cause a UAF error, as evidenced by logs indicating a KASAN (Kernel Address Sanitizer) bug. The error is related to the bcd2000 input complete function.

Recommendations To resolve this issue, add usb kill urb() before usb free urb() in the affected code path. This ensures that the USB urb (urban) is properly killed before being freed, preventing the use-after-free bug.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.