In the Linux kernel, the following vulnerability has been resolved:
ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC
There is a small race window in snd_pcm_oss_sync(), which is called from the OSS PCM SNDCTL_DSP_SYNC ioctl; namely, the function first calls snd_pcm_oss_make_ready() and only then takes the params_lock mutex for the rest. When the stream is set up again by another thread between these two steps, it leads to inconsistency and may cause unexpected results such as a NULL dereference of the OSS buffer, as a fuzzer spotted recently.
The fix is simply to bring the snd_pcm_oss_make_ready() call under the same params_lock mutex by using the snd_pcm_oss_make_ready_locked() variant.
{ "vanir_signatures": [ { "signature_version": "v1", "signature_type": "Function", "target": { "file": "sound/core/oss/pcm_oss.c", "function": "snd_pcm_oss_sync" }, "id": "CVE-2022-49733-14b33322", "digest": { "length": 2298.0, "function_hash": "223597018710323689402456181293977531806" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8423f0b6d513b259fdab9c9bf4aaa6188d054c2d" }, { "signature_version": "v1", "signature_type": "Line", "target": { "file": "sound/core/oss/pcm_oss.c" }, "id": "CVE-2022-49733-2774f58a", "digest": { "line_hashes": [ "153019307809423740975653519990436266033", "213387512250178079735390304115892250906", "146167616383693007832686368311084747169", "93317985834974600506701342579886303711", "128077454089028829022146287673226726410", "51584140627476515304761115604500156521", "66828793008889379732497239635535560240", "119016709104423746287155870368458173600", "204737428784123304028132736892762095887", "13578157013823600323780596516277411843" ], "threshold": 0.9 }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fce793a056c604b41a298317cf704dae255f1b36" }, { "signature_version": "v1", "signature_type": "Function", "target": { "file": "sound/core/oss/pcm_oss.c", "function": "snd_pcm_oss_sync" }, "id": "CVE-2022-49733-3c55f927", "digest": { "length": 2298.0, "function_hash": "223597018710323689402456181293977531806" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@723ac5ab2891b6c10dd6cc78ef5456af593490eb" }, { "signature_version": "v1", "signature_type": "Line", "target": { "file": "sound/core/oss/pcm_oss.c" }, "id": "CVE-2022-49733-6296f56e", "digest": { "line_hashes": [ "136364306471635656103482513031655068407", "331908989757083300008108638572774269151", "121828637445499887322700666610613543206", "334695817419663653689419630430543720283", "151252523157135058326999220974551728079", 
"128077454089028829022146287673226726410", "51584140627476515304761115604500156521", "66828793008889379732497239635535560240", "119016709104423746287155870368458173600", "204737428784123304028132736892762095887", "13578157013823600323780596516277411843" ], "threshold": 0.9 }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@723ac5ab2891b6c10dd6cc78ef5456af593490eb" }, { "signature_version": "v1", "signature_type": "Function", "target": { "file": "sound/core/oss/pcm_oss.c", "function": "snd_pcm_oss_sync" }, "id": "CVE-2022-49733-6d9daeb7", "digest": { "length": 2294.0, "function_hash": "260673702950548246767687300905763670266" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fce793a056c604b41a298317cf704dae255f1b36" }, { "signature_version": "v1", "signature_type": "Line", "target": { "file": "sound/core/oss/pcm_oss.c" }, "id": "CVE-2022-49733-933f26da", "digest": { "line_hashes": [ "153019307809423740975653519990436266033", "213387512250178079735390304115892250906", "146167616383693007832686368311084747169", "93317985834974600506701342579886303711", "128077454089028829022146287673226726410", "51584140627476515304761115604500156521", "66828793008889379732497239635535560240", "119016709104423746287155870368458173600", "204737428784123304028132736892762095887", "13578157013823600323780596516277411843" ], "threshold": 0.9 }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4051324a6dafd7053c74c475e80b3ba10ae672b0" }, { "signature_version": "v1", "signature_type": "Function", "target": { "file": "sound/core/oss/pcm_oss.c", "function": "snd_pcm_oss_sync" }, "id": "CVE-2022-49733-c4e97e5b", "digest": { "length": 2298.0, "function_hash": "223597018710323689402456181293977531806" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8015ef9e8a0ee5cecfd0cb6805834d007ab26f86" }, { 
"signature_version": "v1", "signature_type": "Function", "target": { "file": "sound/core/oss/pcm_oss.c", "function": "snd_pcm_oss_sync" }, "id": "CVE-2022-49733-d4def822", "digest": { "length": 2294.0, "function_hash": "260673702950548246767687300905763670266" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4051324a6dafd7053c74c475e80b3ba10ae672b0" }, { "signature_version": "v1", "signature_type": "Line", "target": { "file": "sound/core/oss/pcm_oss.c" }, "id": "CVE-2022-49733-de9cf4b4", "digest": { "line_hashes": [ "136364306471635656103482513031655068407", "331908989757083300008108638572774269151", "121828637445499887322700666610613543206", "334695817419663653689419630430543720283", "151252523157135058326999220974551728079", "128077454089028829022146287673226726410", "51584140627476515304761115604500156521", "66828793008889379732497239635535560240", "119016709104423746287155870368458173600", "204737428784123304028132736892762095887", "13578157013823600323780596516277411843" ], "threshold": 0.9 }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8015ef9e8a0ee5cecfd0cb6805834d007ab26f86" }, { "signature_version": "v1", "signature_type": "Line", "target": { "file": "sound/core/oss/pcm_oss.c" }, "id": "CVE-2022-49733-eb74aef6", "digest": { "line_hashes": [ "136364306471635656103482513031655068407", "331908989757083300008108638572774269151", "121828637445499887322700666610613543206", "334695817419663653689419630430543720283", "151252523157135058326999220974551728079", "128077454089028829022146287673226726410", "51584140627476515304761115604500156521", "66828793008889379732497239635535560240", "119016709104423746287155870368458173600", "204737428784123304028132736892762095887", "13578157013823600323780596516277411843" ], "threshold": 0.9 }, "deprecated": false, "source": 
"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8423f0b6d513b259fdab9c9bf4aaa6188d054c2d" } ] }