CVE-2022-3303: Improper Locking in Kernel

Severity
4.7 MEDIUM (NVD)
OSV 7.8 | OSV 7.0 | OSV 5.9 | OSV 5.5
EPSS
0.0%
top 96.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Sep 27
Latest update: Jul 26

Description

A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.0 | Impact: 3.6

Affected Packages (7 packages)

NVD: linux/linux_kernel < 6.0 (+1)
Debian: linux/linux_kernel < 5.10.149-1 (+3)
Ubuntu: linux/linux_kernel < 5.4.0-136.153 (+3)
CVEListV5: linux/linux_kernel, fixed in kernel 6.0-rc5
debian: debian/linux < linux 5.19.11-1 (bookworm)

Also affects: Debian Linux 10.0, 11.0

Patches

🔴 Vulnerability Details (13)

OSV: linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-snapdragon vulnerabilities (2023-07-26)
OSV: linux-oem-5.17 vulnerabilities (2023-05-10)
OSV: linux, linux-kvm, linux-lts-xenial vulnerabilities (2023-04-12)
OSV: linux-aws vulnerabilities (2023-04-06)
OSV: linux-gke-5.15 vulnerabilities (2023-02-15)

📋 Vendor Advisories (20)

Ubuntu: Linux kernel vulnerabilities (2023-07-26)
CISA ICS: Siemens SIMATIC S7-1500 TM MFP Linux Kernel (2023-06-15)
Ubuntu: Linux kernel (OEM) vulnerabilities (2023-05-10)
Ubuntu: Linux kernel (AWS) vulnerabilities (2023-04-12)
Ubuntu: Linux kernel vulnerabilities (2023-04-12)