CVE-2022-50866

Vulnerability

In the Linux kernel's ASoC (ALSA System on Chip) subsystem for the PXA architecture, the filter() function in the PXA I2S audio support calls kasprintf() to allocate a string. If kasprintf() fails due to memory pressure (kmalloc failure), it returns a NULL pointer. The code then passes this NULL pointer to strcmp() without a check, leading to a null-pointer dereference and a kernel crash.

Exploitation

This vulnerability is triggered when the kernel runs low on memory, causing kasprintf() to fail. An attacker with local access and the ability to trigger audio device operations (e.g., via ALSA ioctls) could exploit this condition. No special privileges beyond normal user access to the audio subsystem are required.

Impact

A successful null-pointer dereference results in a kernel crash (kernel panic) or system crash, leading to a denial of service (DoS). The vulnerability does not allow an unprivileged user to crash the system, impacting availability.

Mitigation

The fix adds a NULL check after kasprintf() to check for NULL before calling strcmp(). Patches have been applied to the stable kernel branches as referenced in the commit history [1][2][3]. Users should update to a patched kernel version.