CVE-2022-49252
Published: 26 February 2025
Description
In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: rx-macro: fix accessing array out of bounds for enum type Accessing enums using integer would result in array out of bounds access on platforms like aarch64 where sizeof(long) is 8 compared to enum size which is 4 bytes.
Security Summary
CVE-2022-49252 is a vulnerability in the Linux kernel's ASoC (ALSA System on Chip) rx-macro codec driver, where accessing enums using integers leads to out-of-bounds array access. This issue arises on platforms like aarch64, where the size of a long (8 bytes) exceeds the enum size (4 bytes), potentially causing memory corruption. The vulnerability is classified under CWE-125 (Out-of-bounds Read) with a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).
A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation enables high-impact confidentiality violations, such as reading sensitive kernel memory, and high-impact availability disruptions, like denial of service through crashes or memory corruption, without affecting integrity or changing scope.
Mitigation involves applying the relevant stable kernel patches, as detailed in the upstream commit references: 7e3629e256d1cabf801d00050550ade4d036cafe, aed43e92e4b9187029903880d5db608f7fa1c53c, bcfe5f76cc4051ea3f9eb5d2c8ea621641f290a5, and eb15c6ea692fd88d70698d874d9a0d667fb4cde9. Security practitioners should update affected Linux kernel versions to incorporate these fixes.
Details
- CWE(s)