fkie_cve-2022-49772
Vulnerability from fkie_nvd
Published
2025-05-01 15:16
Modified
2025-05-02 13:53
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open()
snd_usbmidi_output_open() has a check of the NULL port with
snd_BUG_ON(). snd_BUG_ON() was used as this shouldn't have happened,
but in reality, the NULL port may be seen when the device gives an
invalid endpoint setup at the descriptor, hence the driver skips the
allocation. That is, the check itself is valid and snd_BUG_ON()
should be dropped from there. Otherwise it's confusing as if it were
a real bug, as recently syzbot stumbled on it.
References
Impacted products
Vendor | Product | Version |
---|
{ "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open()\n\nsnd_usbmidi_output_open() has a check of the NULL port with\nsnd_BUG_ON(). snd_BUG_ON() was used as this shouldn\u0027t have happened,\nbut in reality, the NULL port may be seen when the device gives an\ninvalid endpoint setup at the descriptor, hence the driver skips the\nallocation. That is, the check itself is valid and snd_BUG_ON()\nshould be dropped from there. Otherwise it\u0027s confusing as if it were\na real bug, as recently syzbot stumbled on it." }, { "lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: usb-audio: Se omite snd_BUG_ON() de snd_usbmidi_output_open(). snd_usbmidi_output_open() tiene una comprobaci\u00f3n del puerto nulo con snd_BUG_ON(). Se us\u00f3 snd_BUG_ON() porque esto no deber\u00eda haber ocurrido, pero en realidad, el puerto nulo puede detectarse cuando el dispositivo proporciona una configuraci\u00f3n de endpoint no v\u00e1lida en el descriptor, por lo que el controlador omite la asignaci\u00f3n. Es decir, la comprobaci\u00f3n en s\u00ed es v\u00e1lida y snd_BUG_ON() deber\u00eda omitirse. De lo contrario, es confuso, como si se tratara de un error real, como lo detect\u00f3 syzbot recientemente." } ], "id": "CVE-2022-49772", "lastModified": "2025-05-02T13:53:20.943", "metrics": {}, "published": "2025-05-01T15:16:00.347", "references": [ { "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/00f5f1bbf815a39e9eecb468d12ca55d3360eb10" }, { "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/02b94885b2fdf1808b1874e009bfb90753f8f4db" }, { "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/368a01e5064c13946d032ab1d65ba95020a39cc5" }, { "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/872c9314769e89d8bda74ff3ac584756a45ee752" }, { "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a80369c8ca50bc885d14386087a834659ec54a54" }, { "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ad72c3c3f6eb81d2cb189ec71e888316adada5df" }, { "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c43991065f36f7628cd124e037b8750c4617a7a7" }, { "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/e7dc436aea80308a9268e6d2d85f910ff107de9b" } ], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…