{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-49617", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-02-26T02:21:30.419Z", "datePublished": "2025-02-26T02:23:36.654Z", "dateUpdated": "2025-05-04T08:41:52.791Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T08:41:52.791Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: Intel: sof_sdw: handle errors on card registration\n\nIf the card registration fails, typically because of deferred probes,\nthe device properties added for headset codecs are not removed, which\nleads to kernel oopses in driver bind/unbind tests.\n\nWe already clean-up the device properties when the card is removed,\nthis code can be moved as a helper and called upon card registration\nerrors."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/soc/intel/boards/sof_sdw.c"], "versions": [{"version": "52db12d193d45728e738df6119702cba08fd46a2", "lessThan": "f2556ce6b35ae0fc72000a4daa21ded12665e2f2", "status": "affected", "versionType": "git"}, {"version": "52db12d193d45728e738df6119702cba08fd46a2", "lessThan": "09bca0ffc95c50369f1345d80ecfaca51864126f", "status": "affected", "versionType": "git"}, {"version": "52db12d193d45728e738df6119702cba08fd46a2", "lessThan": "fe154c4ff376bc31041c6441958a08243df09c99", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/soc/intel/boards/sof_sdw.c"], "versions": [{"version": "5.7", "status": "affected"}, {"version": "0", "lessThan": "5.7", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.56", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.18.13", "lessThanOrEqual": "5.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.7", "versionEndExcluding": "5.15.56"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.7", "versionEndExcluding": "5.18.13"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.7", "versionEndExcluding": "5.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/f2556ce6b35ae0fc72000a4daa21ded12665e2f2"}, {"url": "https://git.kernel.org/stable/c/09bca0ffc95c50369f1345d80ecfaca51864126f"}, {"url": "https://git.kernel.org/stable/c/fe154c4ff376bc31041c6441958a08243df09c99"}], "title": "ASoC: Intel: sof_sdw: handle errors on card registration", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "095B804B-47EB-4492-8388-F0F473E6081F", "versionEndExcluding": "5.15.56", "versionStartIncluding": "5.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "640221A7-96EE-4B48-8FE1-BA810131789B", "versionEndExcluding": "5.18.13", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.19:rc1:*:*:*:*:*:*", "matchCriteriaId": "A8C30C2D-F82D-4D37-AB48-D76ABFBD5377", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.19:rc2:*:*:*:*:*:*", "matchCriteriaId": "BF8547FC-C849-4F1B-804B-A93AE2F04A92", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.19:rc3:*:*:*:*:*:*", "matchCriteriaId": "F3068028-F453-4A1C-B80F-3F5609ACEF60", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.19:rc4:*:*:*:*:*:*", "matchCriteriaId": "2E9C0DB0-D349-489F-A3D6-B77214E93A8A", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.19:rc5:*:*:*:*:*:*", "matchCriteriaId": "1A0DE3B7-0FFB-45AA-9BD6-19870CA7C6FD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: Intel: sof_sdw: handle errors on card registration\n\nIf the card registration fails, typically because of deferred probes,\nthe device properties added for headset codecs are not removed, which\nleads to kernel oopses in driver bind/unbind tests.\n\nWe already clean-up the device properties when the card is removed,\nthis code can be moved as a helper and called upon card registration\nerrors."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: Intel: sof_sdw: gesti\u00f3n de errores en el registro de la tarjeta Si el registro de la tarjeta falla, generalmente debido a sondeos diferidos, las propiedades del dispositivo agregadas para los c\u00f3decs de auriculares no se eliminan, lo que genera errores del kernel en las pruebas de vinculaci\u00f3n/desvinculaci\u00f3n del controlador. Ya limpiamos las propiedades del dispositivo cuando se quita la tarjeta, este c\u00f3digo se puede mover como ayudante y llamar en caso de errores de registro de la tarjeta."}], "id": "CVE-2022-49617", "lastModified": "2025-10-23T12:08:55.163", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-02-26T07:01:37.107", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/09bca0ffc95c50369f1345d80ecfaca51864126f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f2556ce6b35ae0fc72000a4daa21ded12665e2f2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/fe154c4ff376bc31041c6441958a08243df09c99"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: ASoC: Intel: sof_sdw: handle errors on card registration", "id": "2347995", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347995"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-20", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nASoC: Intel: sof_sdw: handle errors on card registration\nIf the card registration fails, typically because of deferred probes,\nthe device properties added for headset codecs are not removed, which\nleads to kernel oopses in driver bind/unbind tests.\nWe already clean-up the device properties when the card is removed,\nthis code can be moved as a helper and called upon card registration\nerrors.", "A flaw was found in the Intel SoundWire (sof_sdw) driver within the Linux kernel's ASoC subsystem. When a sound card registration fails, often due to deferred probing, the driver does not clean up associated device properties for headset codecs. This incomplete cleanup can lead to kernel crashes during subsequent device binding or unbinding operations.\nThe underlying issue stems from the absence of proper error-handling logic in the registration process. A fix was introduced by adding a helper function that ensures all device properties are removed correctly, both during normal removal and when registration fails."], "name": "CVE-2022-49617", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-02-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-49617\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49617\nhttps://lore.kernel.org/linux-cve-announce/2025022614-CVE-2022-49617-44c8@gregkh/T"], "threat_severity": "Moderate"}