CVE-2022-49615

Summary

In the Linux kernel, the following vulnerability has been resolved:

ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error

The initial settings will be written before the codec probe function. But, the rt711->component doesn't be assigned yet. If IO error happened during initial settings operations, it will cause the kernel panic. This patch changed component->dev to slave->dev to fix this issue.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux7ad4d237e7c4a5dcc71cf438f646744b4484f1da < 269be8b2907378adf72d7347cfa43ef230351a06affected
LinuxLinux7ad4d237e7c4a5dcc71cf438f646744b4484f1da < 7bb71133cae88d3003a3490b97864af76533072baffected
LinuxLinux7ad4d237e7c4a5dcc71cf438f646744b4484f1da < 1df793d479bef546569fc2e409ff8bb3f0fb8e99affected
LinuxLinux5.13affected
LinuxLinux0 < 5.13unaffected
LinuxLinux5.15.56 <= 5.15.*unaffected
LinuxLinux5.18.13 <= 5.18.*unaffected
LinuxLinux5.19 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References