#VU104798 Buffer overflow in Linux kernel - CVE-2022-49292

Cybersecurity Help s.r.o.

Published: 2025-02-26

Vulnerability identifier: #VU104798

Vulnerability risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49292

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the snd_pcm_plugin_alloc() function in sound/core/oss/pcm_plugin.c, within the snd_pcm_oss_period_size() and snd_pcm_oss_change_params_locked() functions in sound/core/oss/pcm_oss.c. A local user can escalate privileges on the system.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/0c4190b41a69990666b4000999e27f8f1b2a426b
https://git.kernel.org/stable/c/5ce74ff7059341d8b2f4d01c3383491df63d1898
https://git.kernel.org/stable/c/7a40cbf3579a8e14849ba7ce46309c1992658d2b
https://git.kernel.org/stable/c/a63af1baf0a5e11827db60e3127f87e437cab6e5
https://git.kernel.org/stable/c/e74a069c6a7bb505f3ade141dddf85f4b0b5145a
https://git.kernel.org/stable/c/efb6402c3c4a7c26d97c92d70186424097b6e366
https://git.kernel.org/stable/c/fb08bf99195a87c798bc8ae1357337a981faeade

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

openEuler 20.03 LTS SP4 update for kernel

SUSE update for the Linux Kernel

Buffer overflow in Linux kernel core oss