{
    "dataType": "CVE_RECORD",
    "dataVersion": "5.1",
    "cveMetadata": {
        "cveId": "CVE-2022-48702",
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "state": "PUBLISHED",
        "assignerShortName": "Linux",
        "dateReserved": "2024-05-03T14:55:07.146Z",
        "datePublished": "2024-05-03T15:13:10.363Z",
        "dateUpdated": "2024-08-03T15:17:55.829Z"
    },
    "containers": {
        "cna": {
            "providerMetadata": {
                "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
                "shortName": "Linux",
                "dateUpdated": "2024-05-29T05:11:36.968Z"
            },
            "descriptions": [
                {
                    "lang": "en",
                    "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc()\n\nThe voice allocator sometimes begins allocating from near the end of the\narray and then wraps around, however snd_emu10k1_pcm_channel_alloc()\naccesses the newly allocated voices as if it never wrapped around.\n\nThis results in out of bounds access if the first voice has a high enough\nindex so that first_voice + requested_voice_count > NUM_G (64).\nThe more voices are requested, the more likely it is for this to occur.\n\nThis was initially discovered using PipeWire, however it can be reproduced\nby calling aplay multiple times with 16 channels:\naplay -r 48000 -D plughw:CARD=Live,DEV=3 -c 16 /dev/zero\n\nUBSAN: array-index-out-of-bounds in sound/pci/emu10k1/emupcm.c:127:40\nindex 65 is out of range for type 'snd_emu10k1_voice [64]'\nCPU: 1 PID: 31977 Comm: aplay Tainted: G        W IOE      6.0.0-rc2-emu10k1+ #7\nHardware name: ASUSTEK COMPUTER INC P5W DH Deluxe/P5W DH Deluxe, BIOS 3002    07/22/2010\nCall Trace:\n<TASK>\ndump_stack_lvl+0x49/0x63\ndump_stack+0x10/0x16\nubsan_epilogue+0x9/0x3f\n__ubsan_handle_out_of_bounds.cold+0x44/0x49\nsnd_emu10k1_playback_hw_params+0x3bc/0x420 [snd_emu10k1]\nsnd_pcm_hw_params+0x29f/0x600 [snd_pcm]\nsnd_pcm_common_ioctl+0x188/0x1410 [snd_pcm]\n? exit_to_user_mode_prepare+0x35/0x170\n? do_syscall_64+0x69/0x90\n? syscall_exit_to_user_mode+0x26/0x50\n? do_syscall_64+0x69/0x90\n? exit_to_user_mode_prepare+0x35/0x170\nsnd_pcm_ioctl+0x27/0x40 [snd_pcm]\n__x64_sys_ioctl+0x95/0xd0\ndo_syscall_64+0x5c/0x90\n? do_syscall_64+0x69/0x90\n? do_syscall_64+0x69/0x90\nentry_SYSCALL_64_after_hwframe+0x63/0xcd"
                }
            ],
            "affected": [
                {
                    "product": "Linux",
                    "vendor": "Linux",
                    "defaultStatus": "unaffected",
                    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                    "programFiles": [
                        "sound/pci/emu10k1/emupcm.c"
                    ],
                    "versions": [
                        {
                            "version": "1da177e4c3f4",
                            "lessThan": "637c5310acb4",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "1da177e4c3f4",
                            "lessThan": "6b0e260ac3cf",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "1da177e4c3f4",
                            "lessThan": "88aac6684cf8",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "1da177e4c3f4",
                            "lessThan": "45321a7d02b7",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "1da177e4c3f4",
                            "lessThan": "39a90720f3ab",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "1da177e4c3f4",
                            "lessThan": "45814a53514e",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "1da177e4c3f4",
                            "lessThan": "4204a01ffce9",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "1da177e4c3f4",
                            "lessThan": "d29f59051d3a",
                            "status": "affected",
                            "versionType": "git"
                        }
                    ]
                },
                {
                    "product": "Linux",
                    "vendor": "Linux",
                    "defaultStatus": "affected",
                    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                    "programFiles": [
                        "sound/pci/emu10k1/emupcm.c"
                    ],
                    "versions": [
                        {
                            "version": "4.9.328",
                            "lessThanOrEqual": "4.9.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "4.14.293",
                            "lessThanOrEqual": "4.14.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "4.19.258",
                            "lessThanOrEqual": "4.19.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "5.4.213",
                            "lessThanOrEqual": "5.4.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "5.10.143",
                            "lessThanOrEqual": "5.10.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "5.15.68",
                            "lessThanOrEqual": "5.15.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "5.19.9",
                            "lessThanOrEqual": "5.19.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "6.0",
                            "lessThanOrEqual": "*",
                            "status": "unaffected",
                            "versionType": "original_commit_for_fix"
                        }
                    ]
                }
            ],
            "references": [
                {
                    "url": "https://git.kernel.org/stable/c/637c5310acb48fffcc5657568db3f3e9bc719bfa"
                },
                {
                    "url": "https://git.kernel.org/stable/c/6b0e260ac3cf289e38446552461caa65e6dab275"
                },
                {
                    "url": "https://git.kernel.org/stable/c/88aac6684cf8bc885cca15463cb4407e91f28ff7"
                },
                {
                    "url": "https://git.kernel.org/stable/c/45321a7d02b7cf9b3f97e3987fc1e4d649b82da2"
                },
                {
                    "url": "https://git.kernel.org/stable/c/39a90720f3abe96625d1224e7a7463410875de4c"
                },
                {
                    "url": "https://git.kernel.org/stable/c/45814a53514e10a8014906c882e0d0d38df39cc1"
                },
                {
                    "url": "https://git.kernel.org/stable/c/4204a01ffce97cae1d59edc5848f02be5b2b9178"
                },
                {
                    "url": "https://git.kernel.org/stable/c/d29f59051d3a07b81281b2df2b8c9dfe4716067f"
                }
            ],
            "title": "ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc()",
            "x_generator": {
                "engine": "bippy-a5840b7849dd"
            }
        },
        "adp": [
            {
                "title": "CISA ADP Vulnrichment",
                "metrics": [
                    {
                        "other": {
                            "type": "ssvc",
                            "content": {
                                "id": "CVE-2022-48702",
                                "role": "CISA Coordinator",
                                "options": [
                                    {
                                        "Exploitation": "none"
                                    },
                                    {
                                        "Automatable": "no"
                                    },
                                    {
                                        "Technical Impact": "partial"
                                    }
                                ],
                                "version": "2.0.3",
                                "timestamp": "2024-05-09T18:37:27.683467Z"
                            }
                        }
                    }
                ],
                "providerMetadata": {
                    "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                    "shortName": "CISA-ADP",
                    "dateUpdated": "2024-06-04T17:16:45.700Z"
                }
            },
            {
                "providerMetadata": {
                    "orgId": "af854a3a-2127-422b-91ae-364da2661108",
                    "shortName": "CVE",
                    "dateUpdated": "2024-08-03T15:17:55.829Z"
                },
                "title": "CVE Program Container",
                "references": [
                    {
                        "url": "https://git.kernel.org/stable/c/637c5310acb48fffcc5657568db3f3e9bc719bfa",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/6b0e260ac3cf289e38446552461caa65e6dab275",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/88aac6684cf8bc885cca15463cb4407e91f28ff7",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/45321a7d02b7cf9b3f97e3987fc1e4d649b82da2",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/39a90720f3abe96625d1224e7a7463410875de4c",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/45814a53514e10a8014906c882e0d0d38df39cc1",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/4204a01ffce97cae1d59edc5848f02be5b2b9178",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/d29f59051d3a07b81281b2df2b8c9dfe4716067f",
                        "tags": [
                            "x_transferred"
                        ]
                    }
                ]
            }
        ]
    }
}