SB2025030658 - NULL pointer dereference in Linux kernel core oss
Published: March 6, 2025 Updated: May 11, 2025
Security Bulletin ID
SB2025030658
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2022-49733)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the snd_pcm_oss_sync() function in sound/core/oss/pcm_oss.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/4051324a6dafd7053c74c475e80b3ba10ae672b0
- https://git.kernel.org/stable/c/723ac5ab2891b6c10dd6cc78ef5456af593490eb
- https://git.kernel.org/stable/c/8015ef9e8a0ee5cecfd0cb6805834d007ab26f86
- https://git.kernel.org/stable/c/8423f0b6d513b259fdab9c9bf4aaa6188d054c2d
- https://git.kernel.org/stable/c/fce793a056c604b41a298317cf704dae255f1b36
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.148