CVE-2022-50049

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-50049

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50049.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-50049

Related

Published

2025-06-18T11:15:33Z

Modified

2025-06-18T16:00:24Z

Downstream

SUSE-SU-2025:02264-1

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

ASoC: DPCM: Don't pick up BE without substream

When DPCM tries to add valid BE connections at dpcmaddpaths(), it doesn't check whether the picked BE actually supports for the given stream direction. Due to that, when an asymmetric BE stream is present, it picks up wrongly and this may result in a NULL dereference at a later point where the code assumes the existence of a corresponding BE substream.

This patch adds the check for the presence of the substream for the target BE for avoiding the problem above.

Note that we have already some fix for non-existing BE substream at commit 6246f283d5e0 ("ASoC: dpcm: skip missing substream while applying symmetry"). But the code path we've hit recently is rather happening before the previous fix. So this patch tries to fix at picking up a BE instead of parsing BE lists.

References

Affected packages

Debian:12 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.0.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.0.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}