CVE-2022-3303

2022-09-2700:00:00

ubuntu.com

linux

kernel

sound

race condition

crash

denial of service

CVSS3

4.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

5.1%

JSON

A race condition flaw was found in the Linux kernel sound subsystem due to
improper locking. It could lead to a NULL pointer dereference while
handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member
of the audio group) could use this flaw to crash the system, resulting in a
denial of service condition

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< 4.15.0-214.225UNKNOWN
ubuntu20.04noarchlinux< 5.4.0-136.153UNKNOWN
ubuntu22.04noarchlinux< 5.15.0-57.63UNKNOWN
ubuntu22.10noarchlinux< 5.19.0-28.29UNKNOWN
ubuntu16.04noarchlinux< 4.4.0-239.273UNKNOWN
ubuntu18.04noarchlinux-aws< 4.15.0-1159.172UNKNOWN
ubuntu20.04noarchlinux-aws< 5.4.0-1093.101UNKNOWN
ubuntu22.04noarchlinux-aws< 5.15.0-1027.31UNKNOWN
ubuntu22.10noarchlinux-aws< 5.19.0-1016.17UNKNOWN
ubuntu14.04noarchlinux-aws< 4.4.0-1117.123UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	linux	< 4.15.0-214.225	UNKNOWN
ubuntu	20.04	noarch	linux	< 5.4.0-136.153	UNKNOWN
ubuntu	22.04	noarch	linux	< 5.15.0-57.63	UNKNOWN
ubuntu	22.10	noarch	linux	< 5.19.0-28.29	UNKNOWN
ubuntu	16.04	noarch	linux	< 4.4.0-239.273	UNKNOWN
ubuntu	18.04	noarch	linux-aws	< 4.15.0-1159.172	UNKNOWN
ubuntu	20.04	noarch	linux-aws	< 5.4.0-1093.101	UNKNOWN
ubuntu	22.04	noarch	linux-aws	< 5.15.0-1027.31	UNKNOWN
ubuntu	22.10	noarch	linux-aws	< 5.19.0-1016.17	UNKNOWN
ubuntu	14.04	noarch	linux-aws	< 4.4.0-1117.123	UNKNOWN