ghsa-x2w3-4grf-5r9f
Vulnerability from github
Published: 2025-05-01 15:31
Modified: 2025-05-01 15:31
Details

In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open()

snd_usbmidi_output_open() has a check of the NULL port with snd_BUG_ON(). snd_BUG_ON() was used as this shouldn't have happened, but in reality, the NULL port may be seen when the device gives an invalid endpoint setup at the descriptor, hence the driver skips the allocation. That is, the check itself is valid and snd_BUG_ON() should be dropped from there. Otherwise it's confusing as if it were a real bug, as recently syzbot stumbled on it.



{
  "affected": [],
  "aliases": [
    "CVE-2022-49772"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-01T15:16:00Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open()\n\nsnd_usbmidi_output_open() has a check of the NULL port with\nsnd_BUG_ON().  snd_BUG_ON() was used as this shouldn\u0027t have happened,\nbut in reality, the NULL port may be seen when the device gives an\ninvalid endpoint setup at the descriptor, hence the driver skips the\nallocation.  That is, the check itself is valid and snd_BUG_ON()\nshould be dropped from there.  Otherwise it\u0027s confusing as if it were\na real bug, as recently syzbot stumbled on it.",
  "id": "GHSA-x2w3-4grf-5r9f",
  "modified": "2025-05-01T15:31:46Z",
  "published": "2025-05-01T15:31:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49772"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/00f5f1bbf815a39e9eecb468d12ca55d3360eb10"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/02b94885b2fdf1808b1874e009bfb90753f8f4db"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/368a01e5064c13946d032ab1d65ba95020a39cc5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/872c9314769e89d8bda74ff3ac584756a45ee752"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a80369c8ca50bc885d14386087a834659ec54a54"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ad72c3c3f6eb81d2cb189ec71e888316adada5df"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c43991065f36f7628cd124e037b8750c4617a7a7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e7dc436aea80308a9268e6d2d85f910ff107de9b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

