CVE-2022-50698

Vulnerability

In the Linux kernel, the ASoC (ALSA System on Chip) driver for the Dialog Semiconductor DA7219 audio codec contains an error handling flaw in the da7219_register_dai_clks() function. When clk_hw_register() fails during the registration of clock hardware, the driver incorrectly attempts to unregister the corresponding clock that was never successfully registered. This can lead to a use-after-free condition because the clock object may not be properly initialized or may have been partially cleaned up.

Exploitation

An attacker would need to trigger a failure in clk_hw_register() within the DA7219 driver, which could occur under specific hardware or system conditions. The vulnerability is in the kernel driver, so exploitation requires local access or the ability to influence the clock registration process. No special privileges are needed beyond the ability to cause the driver to load and fail.

Impact

If successfully triggered, the use-after-free can cause a kernel crash (denial of service) or potentially allow an attacker to execute arbitrary code with kernel privileges. The impact is limited to systems using the DA7219 audio codec with the affected kernel versions.

Mitigation

The fix, introduced in Linux kernel stable updates, adds a proper unwind loop using clk_hw_unregister() only for successfully registered clocks. The patch ensures that partial iterations are cleaned up correctly before jumping to the error path. Users should update to a kernel version containing the commit [1] or [2].