CVE-2022-3303

Summary

A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition

Affected Software

VendorProductVersion RangeStatus
n/aLinux kernelFixed in kernel 6.0-rc5affected

Weaknesses

  • CWE-667: CWE-667->CWE-362->CWE-476

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References