CVE-2022-49291

High

Published: 26 February 2025

Modified: 25 March 2025
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0002 (5.2th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-49291 is a high-severity Use After Free (CWE-416) vulnerability in the Linux kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). It ranks at the 5.2th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SC-41 (Port and I/O Device Access).

Deeper analysis

CVE-2022-49291 is a race condition vulnerability in the Linux kernel's ALSA PCM subsystem, specifically involving concurrent calls to the hw_params and hw_free ioctls. Without proper synchronization, these operations can lead to a use-after-free (UAF) condition, as the existing PCM stream lock does not protect the full ioctl paths. The issue affects Linux kernel versions prior to the application of the fixing commits and is classified under CWE-416 with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

A local attacker with low privileges can exploit this vulnerability by triggering concurrent hw_params and hw_free operations on a PCM device. Successful exploitation of the race condition results in a UAF, enabling potential high-impact consequences such as arbitrary code execution, data corruption, or system crashes due to the elevated confidentiality, integrity, and availability impacts indicated by the CVSS score.

The provided kernel stable commit references detail the mitigation, which introduces a new mutex (runtime->buffer_mutex) to serialize hw_params and hw_free ioctl paths, along with minor code adjustments like moving the mmap_count check into the state-check block for simplicity. Security practitioners should ensure affected systems apply these patches from the referenced commits to prevent exploitation.

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved:

ALSA: pcm: Fix races among concurrent hw_params and hw_free calls

Currently we have neither proper check nor protection against the concurrent calls of PCM hw_params and hw_free ioctls, which may result in a UAF. Since the existing PCM stream lock can't be used for protecting the whole ioctl operations, we need a new mutex to protect those racy calls.

This patch introduced a new mutex, runtime->buffer_mutex, and applies it to both hw_params and hw_free ioctl code paths. Along with it, the both functions are slightly modified (the mmap_count check is moved into the state-check block) for code simplicity.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

Local kernel UAF race condition in ALSA PCM directly enables privilege escalation via arbitrary code execution in kernel context.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-23111 · Same product: Linux Linux Kernel
CVE-2026-31530 · Same product: Linux Linux Kernel
CVE-2023-52974 · Same product: Linux Linux Kernel
CVE-2026-43019 · Same product: Linux Linux Kernel
CVE-2026-23158 · Same product: Linux Linux Kernel
CVE-2025-21893 · Same product: Linux Linux Kernel
CVE-2026-31446 · Same product: Linux Linux Kernel
CVE-2022-49176 · Same product: Linux Linux Kernel
CVE-2026-31650 · Same product: Linux Linux Kernel
CVE-2026-23001 · Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
≤ 4.14.279 · 4.15 — 4.19.243 · 4.20 — 5.4.193
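
A first-pass triage of a host inventory against the version ranges listed above, as an added example (not code from this page or from the kernel project). It assumes both bounds of each range are inclusive; the host names and release strings are constructed sample data. Distribution kernels backport fixes and renumber releases, so a flagged host still needs its vendor advisory checked.

```python
import platform
import re

# Affected ranges as listed under "Affected Assets" on this page.
# Assumption: both bounds of each range are inclusive.
AFFECTED_RANGES = [
    ((0, 0, 0), (4, 14, 279)),   # <= 4.14.279
    ((4, 15, 0), (4, 19, 243)),  # 4.15 - 4.19.243
    ((4, 20, 0), (5, 4, 193)),   # 4.20 - 5.4.193
]

def parse_release(release):
    """Reduce a `uname -r` string to (major, minor, patch); suffixes are ignored."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release.strip())
    if m is None:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return tuple(int(part or 0) for part in m.groups())

def in_listed_range(release):
    """True when the parsed version falls inside any range listed on the page."""
    version = parse_release(release)
    return any(low <= version <= high for low, high in AFFECTED_RANGES)

def triage(inventory):
    """Split {host: release} into (flagged, clear, unparsed) sorted host lists."""
    flagged, clear, unparsed = [], [], []
    for host, release in sorted(inventory.items()):
        try:
            (flagged if in_listed_range(release) else clear).append(host)
        except ValueError:
            unparsed.append(host)  # review by hand rather than assume it is safe
    return flagged, clear, unparsed

# Constructed sample inventory (hypothetical hosts and release strings).
SAMPLE_INVENTORY = {
    "build-01": "4.14.279",
    "edge-07": "4.19.244",
    "db-02": "5.4.0-110-generic",  # distro numbering: patch level is not upstream's
    "ws-11": "5.10.0-21-amd64",
    "lab-03": "4.15",
    "iot-09": "custom-build",
}

if __name__ == "__main__":
    print("this host:", platform.release(), in_listed_range(platform.release()))
    print(triage(SAMPLE_INVENTORY))
```

Hosts in the unparsed list are reported separately so that an unrecognised release string is never silently counted as unaffected.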

Mitigating Controls (NIST 800-53 r5)

prevent

Directly remediates the race condition in ALSA PCM by applying the kernel patch that introduces runtime->buffer_mutex to serialize hw_params and hw_free ioctls, preventing UAF.

prevent

Kernel memory protections like ASLR, SMEP, and SMAP mitigate exploitation of the UAF resulting from the concurrent ioctl race condition.

prevent

Restricts low-privilege local access to ALSA PCM I/O devices, preventing attackers from issuing the concurrent hw_params and hw_free ioctls that trigger the race.

References