CVE-2022-48735

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-48735
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48735.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-48735
Published
2024-06-20T11:13:22Z
Modified
2025-10-21T08:20:16.291886Z
Summary
ALSA: hda: Fix UAF of leds class devs at unbinding
Details

In the Linux kernel, the following vulnerability has been resolved:

ALSA: hda: Fix UAF of leds class devs at unbinding

The LED class devices that are created by HD-audio codec drivers are registered via devm_led_classdev_register() and associated with the HD-audio codec device. Unfortunately, it turned out that the devres release doesn't work for this case; namely, since the codec resource release happens before the devm call chain, it triggers a NULL dereference or a UAF for a stale set_brightness_delay callback.

For fixing the bug, this patch changes the LED class device register and unregister in a manual manner without devres, keeping the instances in hda_gen_spec.

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events:
  Introduced: 15509b6344726de22bdbfff88b65341dd0dd33af
  Fixed: a7de1002135cf94367748ffc695a29812d7633b5

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events:
  Introduced: 15509b6344726de22bdbfff88b65341dd0dd33af
  Fixed: 0e629052f013eeb61494d4df2f1f647c2a9aef47

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events:
  Introduced: 15509b6344726de22bdbfff88b65341dd0dd33af
  Fixed: 813e9f3e06d22e29872d4fd51b54992d89cf66c8

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events:
  Introduced: 15509b6344726de22bdbfff88b65341dd0dd33af
  Fixed: 549f8ffc7b2f7561bea7f90930b6c5104318e87b

Affected versions

v5.*

v5.10
v5.10-rc1
v5.10-rc2
v5.10-rc3
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.10.1
v5.10.10
v5.10.11
v5.10.12
v5.10.13
v5.10.14
v5.10.15
v5.10.16
v5.10.17
v5.10.18
v5.10.19
v5.10.2
v5.10.20
v5.10.21
v5.10.22
v5.10.23
v5.10.24
v5.10.25
v5.10.26
v5.10.27
v5.10.28
v5.10.29
v5.10.3
v5.10.30
v5.10.31
v5.10.32
v5.10.33
v5.10.34
v5.10.35
v5.10.36
v5.10.37
v5.10.38
v5.10.39
v5.10.4
v5.10.40
v5.10.41
v5.10.42
v5.10.43
v5.10.44
v5.10.45
v5.10.46
v5.10.47
v5.10.48
v5.10.49
v5.10.5
v5.10.50
v5.10.51
v5.10.52
v5.10.53
v5.10.54
v5.10.55
v5.10.56
v5.10.57
v5.10.58
v5.10.59
v5.10.6
v5.10.60
v5.10.61
v5.10.62
v5.10.63
v5.10.64
v5.10.65
v5.10.66
v5.10.67
v5.10.68
v5.10.69
v5.10.7
v5.10.70
v5.10.71
v5.10.72
v5.10.73
v5.10.74
v5.10.75
v5.10.76
v5.10.77
v5.10.78
v5.10.79
v5.10.8
v5.10.80
v5.10.81
v5.10.82
v5.10.83
v5.10.84
v5.10.85
v5.10.86
v5.10.87
v5.10.88
v5.10.89
v5.10.9
v5.10.90
v5.10.91
v5.10.92
v5.10.93
v5.10.94
v5.10.95
v5.10.96
v5.10.97
v5.10.98
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.3
v5.15.4
v5.15.5
v5.15.6
v5.15.7
v5.15.8
v5.15.9
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.16.1
v5.16.2
v5.16.3
v5.16.4
v5.16.5
v5.16.6
v5.16.7
v5.17-rc1
v5.8
v5.8-rc2
v5.8-rc3
v5.8-rc4
v5.8-rc5
v5.8-rc6
v5.8-rc7
v5.9
v5.9-rc1
v5.9-rc2
v5.9-rc3
v5.9-rc4
v5.9-rc5
v5.9-rc6
v5.9-rc7
v5.9-rc8

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type: ECOSYSTEM
Events:
  Introduced: 5.9.0
  Fixed: 5.10.99

Type: ECOSYSTEM
Events:
  Introduced: 5.11.0
  Fixed: 5.15.22

Type: ECOSYSTEM
Events:
  Introduced: 5.16.0
  Fixed: 5.16.8