GHSA-R7MG-9735-2673
Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-06-18 12:30In the Linux kernel, the following vulnerability has been resolved:
ALSA: hda: Fix page fault in snd_hda_codec_shutdown()
If early probe of HDAudio bus driver fails e.g.: due to missing firmware file, snd_hda_codec_shutdown() ends in manipulating uninitialized codec->pcm_list_head causing page fault.
Iinitialization of HDAudio codec in ASoC is split in two: - snd_hda_codec_device_init() - snd_hda_codec_device_new()
snd_hda_codec_device_init() is called during probe_codecs() by HDAudio bus driver while snd_hda_codec_device_new() is called by codec-component's ->probe(). The second call will not happen until all components required by related sound card are present within the ASoC framework. With firmware failing to load during the PCI's deferred initialization i.e.: probe_work(), no platform components are ever registered. HDAudio codec enumeration is done at that point though, so the codec components became registered to ASoC framework, calling snd_hda_codec_device_init() in the process.
Now, during platform reboot snd_hda_codec_shutdown() is called for every codec found on the HDAudio bus causing oops if any of them has not completed both of their initialization steps. Relocating field initialization fixes the issue.
{
"affected": [],
"aliases": [
"CVE-2022-50018"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-18T11:15:29Z",
"severity": null
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda: Fix page fault in snd_hda_codec_shutdown()\n\nIf early probe of HDAudio bus driver fails e.g.: due to missing\nfirmware file, snd_hda_codec_shutdown() ends in manipulating\nuninitialized codec-\u003epcm_list_head causing page fault.\n\nIinitialization of HDAudio codec in ASoC is split in two:\n- snd_hda_codec_device_init()\n- snd_hda_codec_device_new()\n\nsnd_hda_codec_device_init() is called during probe_codecs() by HDAudio\nbus driver while snd_hda_codec_device_new() is called by\ncodec-component\u0027s -\u003eprobe(). The second call will not happen until all\ncomponents required by related sound card are present within the ASoC\nframework. With firmware failing to load during the PCI\u0027s deferred\ninitialization i.e.: probe_work(), no platform components are ever\nregistered. HDAudio codec enumeration is done at that point though, so\nthe codec components became registered to ASoC framework, calling\nsnd_hda_codec_device_init() in the process.\n\nNow, during platform reboot snd_hda_codec_shutdown() is called for every\ncodec found on the HDAudio bus causing oops if any of them has not\ncompleted both of their initialization steps. Relocating field\ninitialization fixes the issue.",
"id": "GHSA-r7mg-9735-2673",
"modified": "2025-06-18T12:30:42Z",
"published": "2025-06-18T12:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50018"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/980b3a8790b402e959a6d773b38b771019682be1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e02db5c2c2ee15bc9a9ec8a86a614fd091e584dc"
}
],
"schema_version": "1.4.0",
"severity": []
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.