SB20250226436 - NULL pointer dereference in Linux kernel core
Published: February 26, 2025 Updated: May 11, 2025
Security Bulletin ID
SB20250226436
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2022-49045)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the snd_pcm_format_set_silence() function in sound/core/pcm_misc.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/2f7a26abb8241a0208c68d22815aa247c5ddacab
- https://git.kernel.org/stable/c/377a80ca6590f40ec8a85227b889a5d399fe26c3
- https://git.kernel.org/stable/c/63038f6e96a77a0abf8083649c53e6a72c1a0124
- https://git.kernel.org/stable/c/77af45df08768401602472f3e3879dce14f55497
- https://git.kernel.org/stable/c/912797e54c99a98f0722f21313e13a3938bb6dba
- https://git.kernel.org/stable/c/97345c90235b1bb7661e7a428d9dcb96b1d7f5d4
- https://git.kernel.org/stable/c/c3b2f23bfe5452b00eb1c842bc71098449e4ad9f
- https://git.kernel.org/stable/c/eb04e3112a3516e483d60a9af9762961702a6c1b
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.239