#VU104618 NULL pointer dereference in Linux kernel - CVE-2022-49045
Published: February 26, 2025 / Updated: May 11, 2025
Vulnerability identifier: #VU104618
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-49045
CWE-ID: CWE-476
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the snd_pcm_format_set_silence() function in sound/core/pcm_misc.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
External links
- https://git.kernel.org/stable/c/2f7a26abb8241a0208c68d22815aa247c5ddacab
- https://git.kernel.org/stable/c/377a80ca6590f40ec8a85227b889a5d399fe26c3
- https://git.kernel.org/stable/c/63038f6e96a77a0abf8083649c53e6a72c1a0124
- https://git.kernel.org/stable/c/77af45df08768401602472f3e3879dce14f55497
- https://git.kernel.org/stable/c/912797e54c99a98f0722f21313e13a3938bb6dba
- https://git.kernel.org/stable/c/97345c90235b1bb7661e7a428d9dcb96b1d7f5d4
- https://git.kernel.org/stable/c/c3b2f23bfe5452b00eb1c842bc71098449e4ad9f
- https://git.kernel.org/stable/c/eb04e3112a3516e483d60a9af9762961702a6c1b
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.239