SB20250619161 - Use-after-free in Linux kernel usb bcd2000

Description

This security bulletin contains information about 1 security vulnerability.

1) Use-after-free (CVE-ID: CVE-2022-50229)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the bcd2000_init_midi() function in sound/usb/bcd2000/bcd2000.c. A local user can escalate privileges on the system.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/05e0bb8c3c4dde3e21b9c1cf9395afb04e8b24db
• https://git.kernel.org/stable/c/1d6a246cf97c380f2da76591f03019dd9c9599c3
• https://git.kernel.org/stable/c/348620464a5c127399ac09b266f494f393661952
• https://git.kernel.org/stable/c/4fc41f7ebb7efca282f1740ea934d16f33c1d109
• https://git.kernel.org/stable/c/5e7338f4dd92b2f8915a82abfa1dd3ad3464bea0
• https://git.kernel.org/stable/c/64ca7f50ad96c2c65ae390b954925a36eabe04aa
• https://git.kernel.org/stable/c/a718eba7e458e2f40531be3c6b6a0028ca7fcace
• https://git.kernel.org/stable/c/b0d4af0a4763ddc02344789ef2a281c494bc330d
• https://git.kernel.org/stable/c/ffb2759df7efbc00187bfd9d1072434a13a54139
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.291
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.256
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.326
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.137
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.61
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.18
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.2
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.211
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0