What the vulnerability does

01Description

A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition

Key dates

02Disclosure timeline

September 27, 2022 CVE published
May 21, 2025 Record updated