{"vulnerability": "CVE-2022-49733", "sightings": [{"uuid": "994adf50-065c-41cb-8a34-1690e5233aa5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-49733", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ljftnubptf2a", "content": "", "creation_timestamp": "2025-03-02T16:19:33.350935Z"}, {"uuid": "cc35d29f-dace-492f-a026-2c113cb239f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-49733", "type": "seen", "source": "https://t.me/cvedetector/19257", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-49733 - ALSA OSS PCM Null Pointer Dereference Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2022-49733 \nPublished : March 2, 2025, 3:15 p.m. | 21\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC  \n  \nThere is a small race window at snd_pcm_oss_sync() that is called from  \nOSS PCM SNDCTL_DSP_SYNC ioctl; namely the function calls  \nsnd_pcm_oss_make_ready() at first, then takes the params_lock mutex  \nfor the rest.  When the stream is set up again by another thread  \nbetween them, it leads to inconsistency, and may result in unexpected  \nresults such as NULL dereference of OSS buffer as a fuzzer spotted  \nrecently.  \n  \nThe fix is simply to cover snd_pcm_oss_make_ready() call into the same  \nparams_lock mutex with snd_pcm_oss_make_ready_locked() variant. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-02T16:56:28.000000Z"}, {"uuid": "bac988b8-91da-4a09-8304-a7a85d3bf736", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-49733", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6099", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-49733\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC\n\nThere is a small race window at snd_pcm_oss_sync() that is called from\nOSS PCM SNDCTL_DSP_SYNC ioctl; namely the function calls\nsnd_pcm_oss_make_ready() at first, then takes the params_lock mutex\nfor the rest.  When the stream is set up again by another thread\nbetween them, it leads to inconsistency, and may result in unexpected\nresults such as NULL dereference of OSS buffer as a fuzzer spotted\nrecently.\n\nThe fix is simply to cover snd_pcm_oss_make_ready() call into the same\nparams_lock mutex with snd_pcm_oss_make_ready_locked() variant.\n\ud83d\udccf Published: 2025-03-02T14:30:02.838Z\n\ud83d\udccf Modified: 2025-03-02T14:30:02.838Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/4051324a6dafd7053c74c475e80b3ba10ae672b0\n2. https://git.kernel.org/stable/c/fce793a056c604b41a298317cf704dae255f1b36\n3. https://git.kernel.org/stable/c/8015ef9e8a0ee5cecfd0cb6805834d007ab26f86\n4. https://git.kernel.org/stable/c/723ac5ab2891b6c10dd6cc78ef5456af593490eb\n5. https://git.kernel.org/stable/c/8423f0b6d513b259fdab9c9bf4aaa6188d054c2d", "creation_timestamp": "2025-03-02T15:32:09.000000Z"}]}