CVE-2022-49617

EUVD-2022-54615
In the Linux kernel, the following vulnerability has been resolved:

ASoC: Intel: sof_sdw: handle errors on card registration

If the card registration fails, typically because of deferred probes,
the device properties added for headset codecs are not removed, which
leads to kernel oopses in driver bind/unbind tests.

We already clean-up the device properties when the card is removed,
this code can be moved as a helper and called upon card registration
errors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
5.7 ≤
𝑥
< 5.15.56
linuxlinux_kernel
5.16 ≤
𝑥
< 5.18.13
linuxlinux_kernel
5.19:rc1
linuxlinux_kernel
5.19:rc2
linuxlinux_kernel
5.19:rc3
linuxlinux_kernel
5.19:rc4
linuxlinux_kernel
5.19:rc5
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.123-1
fixed
bookworm (security)
6.1.128-1
fixed
bullseye
vulnerable
bullseye (security)
vulnerable
sid
6.12.16-1
fixed
trixie
6.12.12-1
fixed
References
https://git.kernel.org/stable/c/09bca0ffc95c50369f1345d80ecfaca51864126f
https://git.kernel.org/stable/c/f2556ce6b35ae0fc72000a4daa21ded12665e2f2
https://git.kernel.org/stable/c/fe154c4ff376bc31041c6441958a08243df09c99