CVE-2022-50018 - Vulnerability Details

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

References

Link	Providers
https://lore.kernel.org/linux-cve-announce/2025061834-CVE-2022-50018-1fab@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2022-50018
https://www.cve.org/CVERecord?id=CVE-2022-50018

History

Tue, 08 Jul 2025 14:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-909
Metrics	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}`

Fri, 20 Jun 2025 14:15:00 +0000

Type	Values Removed	Values Added
Title		kernel: ALSA: hda: Fix page fault in snd_hda_codec_shutdown()
References		https://lore.kernel.org/linux-cve-announce/2025061834-CVE-2022-50018-1fab@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2022-50018 https://www.cve.org/CVERecord?id=CVE-2022-50018
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Wed, 18 Jun 2025 14:30:00 +0000

Type	Values Removed	Values Added
References	https://git.kernel.org/stable/c/980b3a8790b402e959a6d773b38b771019682be1 https://git.kernel.org/stable/c/e02db5c2c2ee15bc9a9ec8a86a614fd091e584dc

Wed, 18 Jun 2025 14:15:00 +0000

Type	Values Removed	Values Added
Description	In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix page fault in snd_hda_codec_shutdown() If early probe of HDAudio bus driver fails e.g.: due to missing firmware file, snd_hda_codec_shutdown() ends in manipulating uninitialized codec->pcm_list_head causing page fault. Iinitialization of HDAudio codec in ASoC is split in two: - snd_hda_codec_device_init() - snd_hda_codec_device_new() snd_hda_codec_device_init() is called during probe_codecs() by HDAudio bus driver while snd_hda_codec_device_new() is called by codec-component's ->probe(). The second call will not happen until all components required by related sound card are present within the ASoC framework. With firmware failing to load during the PCI's deferred initialization i.e.: probe_work(), no platform components are ever registered. HDAudio codec enumeration is done at that point though, so the codec components became registered to ASoC framework, calling snd_hda_codec_device_init() in the process. Now, during platform reboot snd_hda_codec_shutdown() is called for every codec found on the HDAudio bus causing oops if any of them has not completed both of their initialization steps. Relocating field initialization fixes the issue.	This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Title	ALSA: hda: Fix page fault in snd_hda_codec_shutdown()

Wed, 18 Jun 2025 11:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix page fault in snd_hda_codec_shutdown() If early probe of HDAudio bus driver fails e.g.: due to missing firmware file, snd_hda_codec_shutdown() ends in manipulating uninitialized codec->pcm_list_head causing page fault. Iinitialization of HDAudio codec in ASoC is split in two: - snd_hda_codec_device_init() - snd_hda_codec_device_new() snd_hda_codec_device_init() is called during probe_codecs() by HDAudio bus driver while snd_hda_codec_device_new() is called by codec-component's ->probe(). The second call will not happen until all components required by related sound card are present within the ASoC framework. With firmware failing to load during the PCI's deferred initialization i.e.: probe_work(), no platform components are ever registered. HDAudio codec enumeration is done at that point though, so the codec components became registered to ASoC framework, calling snd_hda_codec_device_init() in the process. Now, during platform reboot snd_hda_codec_shutdown() is called for every codec found on the HDAudio bus causing oops if any of them has not completed both of their initialization steps. Relocating field initialization fixes the issue.
Title		ALSA: hda: Fix page fault in snd_hda_codec_shutdown()
References		https://git.kernel.org/stable/c/980b3a8790b402e959a6d773b38b771019682be1 https://git.kernel.org/stable/c/e02db5c2c2ee15bc9a9ec8a86a614fd091e584dc

MITRE

Status: REJECTED

Assigner: Linux

Published: 2025-06-18T11:01:22.276Z

Updated: 2025-06-18T14:10:04.415Z

Reserved: 2025-06-18T10:57:27.393Z

Link: CVE-2022-50018

Vulnrichment

No data.

NVD

Status : Rejected

Published: 2025-06-18T11:15:29.923

Modified: 2025-06-18T14:15:24.040

Link: CVE-2022-50018

Redhat

Severity : Moderate

Publid Date: 2025-06-18T00:00:00Z

Links: CVE-2022-50018 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object