PT-2025-8176 · Linux+2 · Linux Kernel+2

Takashi Sakamoto · Published 2022-03-04 · Updated 2025-06-17 · CVE-2022-49248

CVSS v3.1: 5.5 Medium
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to the version that includes the fix for the uninitialized flag for AV/C deferred transactions

Description

The issue is an uninitialized flag for AV/C deferred transactions in the Linux kernel. It was introduced when support for deferred transactions was added. UBSAN reports an invalid load caused by the uninitialized deferrable flag for non-control/notify AV/C transactions. The bug does not affect non-control/notify AV/C transactions, since the flag only affects AV/C responses with an INTERIM status, which is not used in the AV/C general specification.

Recommendations

For Linux kernel versions prior to the fixed version, consider applying the patch that fixes the uninitialized flag for AV/C deferred transactions. No specific temporary workaround is provided; keeping the kernel updated to the latest version when available is a general best practice. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
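
The bug class from the description, shown as an added example that is not the kernel's code or its patch: a flag written only on the control/notify path keeps stale memory on every other path, while assigning it on every path removes the invalid load. The struct, the function names and the 0xAA poison byte are hypothetical, constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ctype codes from the AV/C general specification (low nibble of byte 0). */
enum { AVC_CTYPE_CONTROL = 0x00, AVC_CTYPE_STATUS = 0x01, AVC_CTYPE_NOTIFY = 0x03 };

/* Hypothetical, simplified transaction record; not the kernel's structure. */
struct avc_transaction {
    const uint8_t *command;
    bool deferrable;   /* only consulted when a response has INTERIM status */
};
typedef void (*prepare_fn)(struct avc_transaction *, const uint8_t *);

/* 'Before' pattern: the flag is written only for CONTROL/NOTIFY commands,
 * so for any other ctype it keeps whatever the memory held previously. */
static void avc_prepare_unfixed(struct avc_transaction *t, const uint8_t *cmd)
{
    t->command = cmd;
    if ((cmd[0] & 0x0f) == AVC_CTYPE_CONTROL || (cmd[0] & 0x0f) == AVC_CTYPE_NOTIFY)
        t->deferrable = true;
}

/* Hardened pattern: the flag is assigned on every path. */
static void avc_prepare_fixed(struct avc_transaction *t, const uint8_t *cmd)
{
    uint8_t ctype = cmd[0] & 0x0f;
    t->command = cmd;
    t->deferrable = (ctype == AVC_CTYPE_CONTROL || ctype == AVC_CTYPE_NOTIFY);
}

/* Poison the record with 0xAA (constructed stand-in for stale stack data), prepare
 * it, and return the flag's raw byte; a bool load of a byte other than 0/1 is invalid. */
static unsigned char flag_byte_after(prepare_fn prepare, uint8_t ctype)
{
    struct avc_transaction t;
    uint8_t cmd[1] = { ctype };   /* constructed one-byte frame */
    unsigned char raw;
    memset(&t, 0xAA, sizeof(t));
    prepare(&t, cmd);
    memcpy(&raw, &t.deferrable, 1);   /* byte-wise read, well defined */
    return raw;
}

int main(void)
{
    printf("STATUS ctype: unfixed=0x%02x fixed=0x%02x\n",
           flag_byte_after(avc_prepare_unfixed, AVC_CTYPE_STATUS),
           flag_byte_after(avc_prepare_fixed, AVC_CTYPE_STATUS));
    return 0;
}
```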

Exploit

Use of Uninitialized Resource

Access of Uninitialized Pointer

Weakness Enumeration

Related Identifiers

BDU:2026-04315
CVE-2022-49248
OESA-2025-1317
OPENSUSE-SU-2025_1263-1
SUSE-SU-2025:01983-1
SUSE-SU-2025:1027-1
SUSE-SU-2025:1176-1
SUSE-SU-2025:1183-1
SUSE-SU-2025:1194-1
SUSE-SU-2025:1241-1
SUSE-SU-2025:1263-1
SUSE-SU-2025_01983-1
SUSE-SU-2025_1027-1
SUSE-SU-2025_1241-1
SUSE-SU-2025_1263-1

Affected Products

Astra Linux
Linux Kernel
Suse