Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-48701— ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface()

EPSS 0.01% · P1
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-48701

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface()
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() There may be a bad USB audio device with a USB ID of (0x04fa, 0x4201) and the number of it's interfaces less than 4, an out-of-bounds read bug occurs when parsing the interface descriptor for this device. Fix this by checking the number of interfaces.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于__snd_usb_parse_audio_interface函数允许越界读取。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux b9d43bcd061956c8144bcb453d07d13236b6ab28 ~ b970518014f2f0f6c493fb86c1e092b936899061 -
LinuxLinux 2.6.26 -

II. Public POCs for CVE-2022-48701

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2022-48701

登录查看更多情报信息。

Same Patch Batch · Linux · 2024-05-03 · 25 CVEs total

CVE-2022-48693soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs
CVE-2022-48705wifi: mt76: mt7921e: fix crash in chip reset fail
CVE-2022-48704drm/radeon: add a force flush to delay work when radeon
CVE-2022-48695scsi: mpt3sas: Fix use-after-free warning
CVE-2022-48690ice: Fix DMA mappings leak
CVE-2022-48703thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR
CVE-2022-48702ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc()
CVE-2022-48699sched/debug: fix dentry leak in update_sched_domain_debugfs
CVE-2022-48698drm/amd/display: fix memory leak when using debugfs_lookup()
CVE-2022-48697nvmet: fix a use-after-free
CVE-2022-48696regmap: spi: Reserve space for register address/padding
CVE-2022-48694RDMA/irdma: Fix drain SQ hang with no completion
CVE-2022-48670peci: cpu: Fix use-after-free in adev_release()
CVE-2022-48692RDMA/srp: Set scmnd->result only when scmnd is not NULL
CVE-2022-48691netfilter: nf_tables: clean up hook list when offload flags check fails
CVE-2022-48689tcp: TX zerocopy should not sense pfmemalloc status
CVE-2022-48688i40e: Fix kernel crash during module removal
CVE-2022-48687ipv6: sr: fix out-of-bounds read when setting HMAC data.
CVE-2022-48686nvme-tcp: fix UAF when detecting digest errors
CVE-2022-48675IB/core: Fix a nested dead lock as part of ODP flow

Showing top 20 of 25 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Linux
Same vendor: Linux

V. Comments for CVE-2022-48701

No comments yet

Leave a comment