VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 24, 2025· Updated Apr 15, 2026

CVE-2022-50773

CVE-2022-50773

Description

In the Linux kernel, the following vulnerability has been resolved:

ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt

I got a null-ptr-defer error report when I do the following tests on the qemu platform:

make defconfig and CONFIG_PARPORT=m, CONFIG_PARPORT_PC=m, CONFIG_SND_MTS64=m

Then making test scripts: cat>test_mod1.sh<<EOF modprobe snd-mts64 modprobe snd-mts64 EOF

Executing the script, perhaps several times, we will get a null-ptr-defer report, as follow:

syzkaller:~# ./test_mod.sh snd_mts64: probe of snd_mts64.0 failed with error -5 modprobe: ERROR: could not insert 'snd_mts64': No such device BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page PGD 0 P4D 0 Oops: 0002 [#1] PREEMPT SMP PTI CPU: 0 PID: 205 Comm: modprobe Not tainted 6.1.0-rc8-00588-g76dcd734eca2 #6 Call Trace:

snd_mts64_interrupt+0x24/0xa0 [snd_mts64] parport_irq_handler+0x37/0x50 [parport] __handle_irq_event_percpu+0x39/0x190 handle_irq_event_percpu+0xa/0x30 handle_irq_event+0x2f/0x50 handle_edge_irq+0x99/0x1b0 __common_interrupt+0x5d/0x100 common_interrupt+0xa0/0xc0

asm_common_interrupt+0x22/0x40 RIP: 0010:_raw_write_unlock_irqrestore+0x11/0x30 parport_claim+0xbd/0x230 [parport] snd_mts64_probe+0x14a/0x465 [snd_mts64] platform_probe+0x3f/0xa0 really_probe+0x129/0x2c0 __driver_probe_device+0x6d/0xc0 driver_probe_device+0x1a/0xa0 __device_attach_driver+0x7a/0xb0 bus_for_each_drv+0x62/0xb0 __device_attach+0xe4/0x180 bus_probe_device+0x82/0xa0 device_add+0x550/0x920 platform_device_add+0x106/0x220 snd_mts64_attach+0x2e/0x80 [snd_mts64] port_check+0x14/0x20 [parport] bus_for_each_dev+0x6e/0xc0 __parport_register_driver+0x7c/0xb0 [parport] snd_mts64_module_init+0x31/0x1000 [snd_mts64] do_one_initcall+0x3c/0x1f0 do_init_module+0x46/0x1c6 load_module+0x1d8d/0x1e10 __do_sys_finit_module+0xa2/0xf0 do_syscall_64+0x37/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Kernel panic - not syncing: Fatal exception in interrupt Rebooting in 1 seconds..

The mts wa not initialized during interrupt, we add check for mts to fix this bug.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A null pointer dereference vulnerability in the Linux kernel's snd-mts64 driver can be triggered by repeatedly loading the module, leading to a crash.

Root

Cause

The vulnerability is a null pointer dereference in the snd_mts64_interrupt function of the MTS64 sound driver in the Linux kernel. When the driver's probe function fails (e.g., due to missing hardware), the interrupt handler may still be invoked before the private data structure is properly initialized, causing a dereference of a NULL pointer [1][2].

Exploitation

An attacker with local access can trigger the vulnerability by repeatedly loading the snd-mts64 module (e.g., via modprobe) on a system where the parallel port is configured as a module. The race condition between module loading and interrupt handling leads to the null pointer dereference [3][4].

Impact

The kernel crashes with a NULL pointer dereference, resulting in a denial of service (DoS). There is no evidence of code execution or privilege escalation beyond the crash.

Mitigation

The Linux kernel has patched this issue in stable releases. Users should update to a kernel version containing the fix, which adds proper null pointer checks in the interrupt handler. The fix is included in commits [1], [2], [3], and [4] for various stable branches.

References
  1. Making sure you're not a bot!
  2. Making sure you're not a bot!
  3. Making sure you're not a bot!
  4. Making sure you're not a bot!

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

9
06ec592389f2
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
b471fe61da52
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
7e91667db38a
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
c7e9624d90bf
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
064912935921
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
cba633b24a98
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
1a763c748acd
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
250eed7b9994
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
cf2ea3c86ad9
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

9

News mentions

0

No linked articles in our index yet.