ghsa-r7mg-9735-2673
Vulnerability from github
In the Linux kernel, the following vulnerability has been resolved:
ALSA: hda: Fix page fault in snd_hda_codec_shutdown()
If early probe of HDAudio bus driver fails e.g.: due to missing firmware file, snd_hda_codec_shutdown() ends in manipulating uninitialized codec->pcm_list_head causing page fault.
Iinitialization of HDAudio codec in ASoC is split in two: - snd_hda_codec_device_init() - snd_hda_codec_device_new()
snd_hda_codec_device_init() is called during probe_codecs() by HDAudio bus driver while snd_hda_codec_device_new() is called by codec-component's ->probe(). The second call will not happen until all components required by related sound card are present within the ASoC framework. With firmware failing to load during the PCI's deferred initialization i.e.: probe_work(), no platform components are ever registered. HDAudio codec enumeration is done at that point though, so the codec components became registered to ASoC framework, calling snd_hda_codec_device_init() in the process.
Now, during platform reboot snd_hda_codec_shutdown() is called for every codec found on the HDAudio bus causing oops if any of them has not completed both of their initialization steps. Relocating field initialization fixes the issue.
{
"affected": [],
"aliases": [
"CVE-2022-50018"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-18T11:15:29Z",
"severity": null
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda: Fix page fault in snd_hda_codec_shutdown()\n\nIf early probe of HDAudio bus driver fails e.g.: due to missing\nfirmware file, snd_hda_codec_shutdown() ends in manipulating\nuninitialized codec-\u003epcm_list_head causing page fault.\n\nIinitialization of HDAudio codec in ASoC is split in two:\n- snd_hda_codec_device_init()\n- snd_hda_codec_device_new()\n\nsnd_hda_codec_device_init() is called during probe_codecs() by HDAudio\nbus driver while snd_hda_codec_device_new() is called by\ncodec-component\u0027s -\u003eprobe(). The second call will not happen until all\ncomponents required by related sound card are present within the ASoC\nframework. With firmware failing to load during the PCI\u0027s deferred\ninitialization i.e.: probe_work(), no platform components are ever\nregistered. HDAudio codec enumeration is done at that point though, so\nthe codec components became registered to ASoC framework, calling\nsnd_hda_codec_device_init() in the process.\n\nNow, during platform reboot snd_hda_codec_shutdown() is called for every\ncodec found on the HDAudio bus causing oops if any of them has not\ncompleted both of their initialization steps. Relocating field\ninitialization fixes the issue.",
"id": "GHSA-r7mg-9735-2673",
"modified": "2025-06-18T12:30:42Z",
"published": "2025-06-18T12:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50018"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/980b3a8790b402e959a6d773b38b771019682be1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e02db5c2c2ee15bc9a9ec8a86a614fd091e584dc"
}
],
"schema_version": "1.4.0",
"severity": []
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.