CVE-2022-50773
Unknown Unknown - Not Provided
Null Pointer Dereference in Linux ALSA snd_mts64 Causes Kernel Panic

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt I got a null-ptr-defer error report when I do the following tests on the qemu platform: make defconfig and CONFIG_PARPORT=m, CONFIG_PARPORT_PC=m, CONFIG_SND_MTS64=m Then making test scripts: cat>test_mod1.sh<<EOF modprobe snd-mts64 modprobe snd-mts64 EOF Executing the script, perhaps several times, we will get a null-ptr-defer report, as follow: syzkaller:~# ./test_mod.sh snd_mts64: probe of snd_mts64.0 failed with error -5 modprobe: ERROR: could not insert 'snd_mts64': No such device BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page PGD 0 P4D 0 Oops: 0002 [#1] PREEMPT SMP PTI CPU: 0 PID: 205 Comm: modprobe Not tainted 6.1.0-rc8-00588-g76dcd734eca2 #6 Call Trace: <IRQ> snd_mts64_interrupt+0x24/0xa0 [snd_mts64] parport_irq_handler+0x37/0x50 [parport] __handle_irq_event_percpu+0x39/0x190 handle_irq_event_percpu+0xa/0x30 handle_irq_event+0x2f/0x50 handle_edge_irq+0x99/0x1b0 __common_interrupt+0x5d/0x100 common_interrupt+0xa0/0xc0 </IRQ> <TASK> asm_common_interrupt+0x22/0x40 RIP: 0010:_raw_write_unlock_irqrestore+0x11/0x30 parport_claim+0xbd/0x230 [parport] snd_mts64_probe+0x14a/0x465 [snd_mts64] platform_probe+0x3f/0xa0 really_probe+0x129/0x2c0 __driver_probe_device+0x6d/0xc0 driver_probe_device+0x1a/0xa0 __device_attach_driver+0x7a/0xb0 bus_for_each_drv+0x62/0xb0 __device_attach+0xe4/0x180 bus_probe_device+0x82/0xa0 device_add+0x550/0x920 platform_device_add+0x106/0x220 snd_mts64_attach+0x2e/0x80 [snd_mts64] port_check+0x14/0x20 [parport] bus_for_each_dev+0x6e/0xc0 __parport_register_driver+0x7c/0xb0 [parport] snd_mts64_module_init+0x31/0x1000 [snd_mts64] do_one_initcall+0x3c/0x1f0 do_init_module+0x46/0x1c6 load_module+0x1d8d/0x1e10 __do_sys_finit_module+0xa2/0xf0 do_syscall_64+0x37/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd </TASK> Kernel panic - not syncing: Fatal exception in interrupt Rebooting in 1 seconds.. The mts wa not initialized during interrupt, we add check for mts to fix this bug.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-06-16
AI Q&A
2025-12-24
EPSS Evaluated
2026-06-15
NVD
CVE-2022-50773
EUVD
EUVD-2022-55788
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a null pointer dereference in the ALSA mts64 driver in the Linux kernel. It occurs when the snd_mts64_interrupt function is called but the mts64 device was not properly initialized, leading to a null pointer dereference and a kernel panic. This happens when the snd-mts64 module is loaded multiple times without proper device initialization, causing the kernel to crash during interrupt handling.

Impact Analysis

This vulnerability can cause a kernel panic and system crash when the snd-mts64 module is loaded improperly or multiple times, leading to a denial of service. The system becomes unstable and may reboot unexpectedly, impacting availability and reliability.

Detection Guidance

This vulnerability can be detected by attempting to load the snd-mts64 kernel module multiple times and observing for null pointer dereference errors or kernel oops messages. For example, running a script that executes 'modprobe snd-mts64' repeatedly may trigger the error. The provided test script is: cat > test_mod1.sh <<EOF modprobe snd-mts64 modprobe snd-mts64 EOF Then execute: ./test_mod1.sh If the vulnerability is present, you may see errors such as 'snd_mts64: probe of snd_mts64.0 failed with error -5', 'modprobe: ERROR: could not insert 'snd_mts64': No such device', and kernel NULL pointer dereference oops messages.

Mitigation Strategies

Immediate mitigation involves applying the fix that adds a check for the mts initialization during interrupt handling to prevent the null pointer dereference. Until the fix is applied, avoid loading the snd-mts64 module repeatedly or on systems where the hardware is not properly initialized to prevent kernel crashes. Monitoring for kernel oops messages related to snd_mts64 can help identify attempts to trigger the vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2022-50773. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart