{ "containers": { "cna": { "providerMetadata": { "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" }, "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda: Fix UAF of leds class devs at unbinding\n\nThe LED class devices that are created by HD-audio codec drivers are\nregistered via devm_led_classdev_register() and associated with the\nHD-audio codec device. Unfortunately, it turned out that the devres\nrelease doesn't work for this case; namely, since the codec resource\nrelease happens before the devm call chain, it triggers a NULL\ndereference or a UAF for a stale set_brightness_delay callback.\n\nFor fixing the bug, this patch changes the LED class device register\nand unregister in a manual manner without devres, keeping the\ninstances in hda_gen_spec." } ], "affected": [ { "product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "sound/pci/hda/hda_generic.c", "sound/pci/hda/hda_generic.h" ], "versions": [ { "version": "1da177e4c3f4", "lessThan": "a7de1002135c", "status": "affected", "versionType": "git" }, { "version": "1da177e4c3f4", "lessThan": "0e629052f013", "status": "affected", "versionType": "git" }, { "version": "1da177e4c3f4", "lessThan": "813e9f3e06d2", "status": "affected", "versionType": "git" }, { "version": "1da177e4c3f4", "lessThan": "549f8ffc7b2f", "status": "affected", "versionType": "git" } ] }, { "product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "sound/pci/hda/hda_generic.c", "sound/pci/hda/hda_generic.h" ], "versions": [ { "version": "5.10.99", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom" }, { "version": "5.15.22", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom" }, { "version": "5.16.8", "lessThanOrEqual": "5.16.*", "status": "unaffected", "versionType": "custom" }, { "version": "5.17", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" } ] } ], "references": [ { "url": "https://git.kernel.org/stable/c/a7de1002135cf94367748ffc695a29812d7633b5" }, { "url": "https://git.kernel.org/stable/c/0e629052f013eeb61494d4df2f1f647c2a9aef47" }, { "url": "https://git.kernel.org/stable/c/813e9f3e06d22e29872d4fd51b54992d89cf66c8" }, { "url": "https://git.kernel.org/stable/c/549f8ffc7b2f7561bea7f90930b6c5104318e87b" } ], "title": "ALSA: hda: Fix UAF of leds class devs at unbinding", "x_generator": { "engine": "bippy-7d53e8ef8be4" } } }, "cveMetadata": { "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", "cveID": "CVE-2022-48735", "requesterUserId": "gregkh@kernel.org", "serial": "1", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.0" }