{"id":"CVE-2022-50229","summary":"ALSA: bcd2000: Fix a UAF bug on the error path of probing","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: bcd2000: Fix a UAF bug on the error path of probing\n\nWhen the driver fails in snd_card_register() at probe time, it will free\nthe 'bcd2k-\u003emidi_out_urb' before killing it, which may cause a UAF bug.\n\nThe following log can reveal it:\n\n[   50.727020] BUG: KASAN: use-after-free in bcd2000_input_complete+0x1f1/0x2e0 [snd_bcd2000]\n[   50.727623] Read of size 8 at addr ffff88810fab0e88 by task swapper/4/0\n[   50.729530] Call Trace:\n[   50.732899]  bcd2000_input_complete+0x1f1/0x2e0 [snd_bcd2000]\n\nFix this by adding usb_kill_urb() before usb_free_urb().","modified":"2026-04-03T13:14:27.563240Z","published":"2025-06-18T11:04:06.069Z","related":["SUSE-SU-2025:02264-1","SUSE-SU-2025:02308-1","SUSE-SU-2025:02320-1","SUSE-SU-2025:02321-1","SUSE-SU-2025:02322-1","SUSE-SU-2025:02537-1","SUSE-SU-2025:03204-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50229.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/05e0bb8c3c4dde3e21b9c1cf9395afb04e8b24db"},{"type":"WEB","url":"https://git.kernel.org/stable/c/1d6a246cf97c380f2da76591f03019dd9c9599c3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/348620464a5c127399ac09b266f494f393661952"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4fc41f7ebb7efca282f1740ea934d16f33c1d109"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5e7338f4dd92b2f8915a82abfa1dd3ad3464bea0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/64ca7f50ad96c2c65ae390b954925a36eabe04aa"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a718eba7e458e2f40531be3c6b6a0028ca7fcace"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b0d4af0a4763ddc02344789ef2a281c494bc330d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ffb2759df7efbc00187bfd9d1072434a13a54139"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50229.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-50229"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"b47a22290d581277be70e8a597824a4985d39e83"},{"fixed":"a718eba7e458e2f40531be3c6b6a0028ca7fcace"},{"fixed":"4fc41f7ebb7efca282f1740ea934d16f33c1d109"},{"fixed":"5e7338f4dd92b2f8915a82abfa1dd3ad3464bea0"},{"fixed":"05e0bb8c3c4dde3e21b9c1cf9395afb04e8b24db"},{"fixed":"348620464a5c127399ac09b266f494f393661952"},{"fixed":"64ca7f50ad96c2c65ae390b954925a36eabe04aa"},{"fixed":"1d6a246cf97c380f2da76591f03019dd9c9599c3"},{"fixed":"b0d4af0a4763ddc02344789ef2a281c494bc330d"},{"fixed":"ffb2759df7efbc00187bfd9d1072434a13a54139"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50229.json"}}],"schema_version":"1.7.5"}