| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022614-CVE-2022-49616-5eb4@gregkh> Date: Wed, 26 Feb 2025 03:22:59 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-49616: ASoC: rt7*-sdw: harden jack_detect_handler Description =========== In the Linux kernel, the following vulnerability has been resolved: ASoC: rt7*-sdw: harden jack_detect_handler Realtek headset codec drivers typically check if the card is instantiated before proceeding with the jack detection. The rt700, rt711 and rt711-sdca are however missing a check on the card pointer, which can lead to NULL dereferences encountered in driver bind/unbind tests. The Linux kernel CVE team has assigned CVE-2022-49616 to this issue. Affected and fixed versions =========================== Fixed in 5.15.56 with commit 07a606e1389a63b61cb8cd591026f30529117573 Fixed in 5.18.13 with commit 1d75b73ec6d6b705cca528b36d8315e43e8d7fa5 Fixed in 5.19 with commit 0484271ab0ce50649329fa9dc23c50853c5b26a4 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49616 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: sound/soc/codecs/rt700.c sound/soc/codecs/rt711-sdca.c sound/soc/codecs/rt711.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/07a606e1389a63b61cb8cd591026f30529117573 https://git.kernel.org/stable/c/1d75b73ec6d6b705cca528b36d8315e43e8d7fa5 https://git.kernel.org/stable/c/0484271ab0ce50649329fa9dc23c50853c5b26a4
Powered by blists - more mailing lists