PT-2025-9212 · Linux+2 · Linux Kernel+2

Butt3Rflyh4Ck

Published

2022-09-05

Updated

2026-02-04

CVE-2022-49733

CVSS v3.1

4.7

Medium

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A race condition exists in the Linux kernel's ALSA pcm oss component. The issue occurs in the snd pcm oss sync() function, which is called from the OSS PCM SNDCTL DSP SYNC ioctl. This function first calls snd pcm oss make ready(), then takes the params lock mutex. If the stream is set up again by another thread between these two operations, it can lead to inconsistency and potentially result in unexpected behavior, such as a NULL dereference of the OSS buffer.

Recommendations To resolve this issue, apply the fix that covers the snd pcm oss make ready() call with the snd pcm oss make ready locked() variant within the same params lock mutex.

Exploit

Fix

NULL Pointer Dereference

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476CWE-362

Related Identifiers

BDU:2026-03265

CVE-2022-49733

OPENSUSE-SU-2025_1263-1

SUSE-SU-2025:0983-1

SUSE-SU-2025:1027-1

SUSE-SU-2025:1176-1

SUSE-SU-2025:1183-1

SUSE-SU-2025:1194-1

SUSE-SU-2025:1241-1

SUSE-SU-2025:1263-1

SUSE-SU-2025:1293-1

SUSE-SU-2025_0983-1

SUSE-SU-2025_1027-1

SUSE-SU-2025_1241-1

SUSE-SU-2025_1263-1

SUSE-SU-2025_1293-1

SUSE-SU-2026:0385-1

Affected Products

Astra Linux

Linux Kernel

Suse

PT-2025-9212 · Linux+2 · Linux Kernel+2

CVE-2022-49733

Weakness Enumeration

Related Identifiers

Affected Products

References · 1505