{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2022-49842","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-05-01T14:05:17.229Z","datePublished":"2025-05-01T14:09:57.711Z","dateUpdated":"2026-05-11T19:07:49.831Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:07:49.831Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: core: Fix use-after-free in snd_soc_exit()\n\nKASAN reports a use-after-free:\n\nBUG: KASAN: use-after-free in device_del+0xb5b/0xc60\nRead of size 8 at addr ffff888008655050 by task rmmod/387\nCPU: 2 PID: 387 Comm: rmmod\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996)\nCall Trace:\n<TASK>\ndump_stack_lvl+0x79/0x9a\nprint_report+0x17f/0x47b\nkasan_report+0xbb/0xf0\ndevice_del+0xb5b/0xc60\nplatform_device_del.part.0+0x24/0x200\nplatform_device_unregister+0x2e/0x40\nsnd_soc_exit+0xa/0x22 [snd_soc_core]\n__do_sys_delete_module.constprop.0+0x34f/0x5b0\ndo_syscall_64+0x3a/0x90\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n...\n</TASK>\n\nIt's bacause in snd_soc_init(), snd_soc_util_init() is possble to fail,\nbut its ret is ignored, which makes soc_dummy_dev unregistered twice.\n\nsnd_soc_init()\n    snd_soc_util_init()\n        platform_device_register_simple(soc_dummy_dev)\n        platform_driver_register() # fail\n    \tplatform_device_unregister(soc_dummy_dev)\n    platform_driver_register() # success\n...\nsnd_soc_exit()\n    snd_soc_util_exit()\n    # soc_dummy_dev will be unregistered for second time\n\nTo fix it, handle error and stop snd_soc_init() when util_init() fail.\nAlso clean debugfs when util_init() or driver_register() fail."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["sound/soc/soc-core.c"],"versions":[{"version":"fb257897bf20c5f0e1df584bb5b874e811651263","lessThan":"41fad4f712e081acdfde8b59847f9f66eaf407a0","status":"affected","versionType":"git"},{"version":"fb257897bf20c5f0e1df584bb5b874e811651263","lessThan":"90bbdf30a51e42378cb23a312005a022794b8e1e","status":"affected","versionType":"git"},{"version":"fb257897bf20c5f0e1df584bb5b874e811651263","lessThan":"a3365e62239dc064019a244bde5686ac18527c22","status":"affected","versionType":"git"},{"version":"fb257897bf20c5f0e1df584bb5b874e811651263","lessThan":"2ec3f558db343b045a7c7419cdbaec266b8ac1a7","status":"affected","versionType":"git"},{"version":"fb257897bf20c5f0e1df584bb5b874e811651263","lessThan":"8d21554ec7680e9585fb852d933203c3db60dad1","status":"affected","versionType":"git"},{"version":"fb257897bf20c5f0e1df584bb5b874e811651263","lessThan":"34eee4189bcebbd5f6a2ff25ef0cb893ad33d51e","status":"affected","versionType":"git"},{"version":"fb257897bf20c5f0e1df584bb5b874e811651263","lessThan":"c5674bd073c0fd9f620ca550c5ff08d0d429bdd9","status":"affected","versionType":"git"},{"version":"fb257897bf20c5f0e1df584bb5b874e811651263","lessThan":"6ec27c53886c8963729885bcf2dd996eba2767a7","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["sound/soc/soc-core.c"],"versions":[{"version":"3.0","status":"affected"},{"version":"0","lessThan":"3.0","status":"unaffected","versionType":"semver"},{"version":"4.9.334","lessThanOrEqual":"4.9.*","status":"unaffected","versionType":"semver"},{"version":"4.14.300","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.267","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.225","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.156","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.80","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.0.10","lessThanOrEqual":"6.0.*","status":"unaffected","versionType":"semver"},{"version":"6.1","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0","versionEndExcluding":"4.9.334"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0","versionEndExcluding":"4.14.300"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0","versionEndExcluding":"4.19.267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0","versionEndExcluding":"5.4.225"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0","versionEndExcluding":"5.10.156"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0","versionEndExcluding":"5.15.80"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0","versionEndExcluding":"6.0.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0","versionEndExcluding":"6.1"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/41fad4f712e081acdfde8b59847f9f66eaf407a0"},{"url":"https://git.kernel.org/stable/c/90bbdf30a51e42378cb23a312005a022794b8e1e"},{"url":"https://git.kernel.org/stable/c/a3365e62239dc064019a244bde5686ac18527c22"},{"url":"https://git.kernel.org/stable/c/2ec3f558db343b045a7c7419cdbaec266b8ac1a7"},{"url":"https://git.kernel.org/stable/c/8d21554ec7680e9585fb852d933203c3db60dad1"},{"url":"https://git.kernel.org/stable/c/34eee4189bcebbd5f6a2ff25ef0cb893ad33d51e"},{"url":"https://git.kernel.org/stable/c/c5674bd073c0fd9f620ca550c5ff08d0d429bdd9"},{"url":"https://git.kernel.org/stable/c/6ec27c53886c8963729885bcf2dd996eba2767a7"}],"title":"ASoC: core: Fix use-after-free in snd_soc_exit()","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-416","lang":"en","description":"CWE-416 Use After Free"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":7.8,"attackVector":"LOCAL","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-10-01T17:00:53.638936Z","id":"CVE-2022-49842","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-01T17:00:56.212Z"}}]}}