[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2022-49272":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":39,"aliases":40,"duplicate_of":9,"upstream":41,"downstream":42,"duplicates":69,"related":70,"reserved_at":9,"published_at":80,"modified_at":81,"state":82,"summary":83,"references_raw":92,"kevs":127,"epss":128,"epss_history":131,"metrics":403,"affected":409},"CVE-2022-49272","In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock\n\nsyzbot caught a potential deadlock between the PCM\nruntime->buffer_mutex and the mm->mmap_lock.  It was brought by the\nrecent fix to cover the racy read/write and other ioctls, and in that\ncommit, I overlooked a (hopefully only) corner case that may take the\nrevert lock, namely, the OSS mmap.  The OSS mmap operation\nexceptionally allows to re-configure the parameters inside the OSS\nmmap syscall, where mm->mmap_mutex is already held.  Meanwhile, the\ncopy_from/to_user calls at read/write operations also take the\nmm->mmap_lock internally, hence it may lead to a AB/BA deadlock.\n\nA similar problem was already seen in the past and we fixed it with a\nrefcount (in commit b248371628aa).  The former fix covered only the\ncall paths with OSS read/write and OSS ioctls, while we need to cover\nthe concurrent access via both ALSA and OSS APIs now.\n\nThis patch addresses the problem above by replacing the buffer_mutex\nlock in the read/write operations with a refcount similar as we've\nused for OSS.  The new field, runtime->buffer_accessing, keeps the\nnumber of concurrent read/write operations.  Unlike the former\nbuffer_mutex protection, this protects only around the\ncopy_from/to_user() calls; the other codes are basically protected by\nthe PCM stream lock.  The refcount can be a negative, meaning blocked\nby the ioctls.  If a negative value is seen, the read/write aborts\nwith -EBUSY.  In the ioctl side, OTOH, they check this refcount, too,\nand set to a negative value for blocking unless it's already being\naccessed.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-667","Improper Locking","The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.","weakness","Draft","Class",[19,31,35],{"id":20,"name":21,"techniques":22},"CAPEC-25","Forced Deadlock",[23],{"id":24,"name":25,"tactics":26,"countermeasures":30},"T1499.004","Application or System Exploitation",[27],{"id":28,"name":29},"TA0105","Impact",[],{"id":32,"name":33,"techniques":34},"CAPEC-26","Leveraging Race Conditions",[],{"id":36,"name":37,"techniques":38},"CAPEC-27","Leveraging Race Conditions via Symbolic Links",[],[],[],[],[43,45,47,49,51,53,55,57,59,61,63,65,67],{"_key":44},"SUSE-SU-2025:1263-1",{"_key":46},"UBUNTU-CVE-2022-49272",{"_key":48},"SUSE-SU-2025:0983-1",{"_key":50},"SUSE-SU-2025:1027-1",{"_key":52},"SUSE-SU-2025:1176-1",{"_key":54},"SUSE-SU-2025:1183-1",{"_key":56},"SUSE-SU-2025:1194-1",{"_key":58},"SUSE-SU-2025:1241-1",{"_key":60},"SUSE-SU-2025:1293-1",{"_key":62},"SUSE-SU-2026:0385-1",{"_key":64},"RHSA-2022:7683",{"_key":66},"RHSA-2022:8267",{"_key":68},"DEBIAN-CVE-2022-49272",[],[71,72,73,74,75,76,77,78,79],{"_key":44},{"_key":48},{"_key":50},{"_key":52},{"_key":54},{"_key":56},{"_key":58},{"_key":60},{"_key":62},"2025-02-26T01:56:18.626Z","2026-05-11T18:56:29.104Z","Analyzed",{"cisa_kev":84,"cisa_ransomware":84,"cisa_vendor":9,"epss_severity":85,"epss_score":86,"severity":87,"severity_score":88,"severity_version":89,"severity_source":90,"severity_vector":91,"severity_status":82},false,"low",0.00012,"medium",5.5,"v3.1","nvd","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",[93,99,103,107,111,115,119,123],{"url":94,"sources":95,"tags":97},"https://git.kernel.org/stable/c/7e9133607e1501c94881be35e118d8f84d96dcb4",[96,90],"cve.org",[98],"Patch",{"url":100,"sources":101,"tags":102},"https://git.kernel.org/stable/c/40f4cffbe13a51faf136faf5f9ef6847782cd595",[96,90],[98],{"url":104,"sources":105,"tags":106},"https://git.kernel.org/stable/c/9661bf674d6a82b76e4ae424438a8ce1e3ed855d",[96,90],[98],{"url":108,"sources":109,"tags":110},"https://git.kernel.org/stable/c/9017201e8d8c6d1472273361389ed431188584a0",[96,90],[98],{"url":112,"sources":113,"tags":114},"https://git.kernel.org/stable/c/7777744e92a0b30e3e0cce2758d911837011ebd9",[96,90],[98],{"url":116,"sources":117,"tags":118},"https://git.kernel.org/stable/c/abedf0d08c79d76da0d6fa0d5dbbc98871dcbc2e",[96,90],[98],{"url":120,"sources":121,"tags":122},"https://git.kernel.org/stable/c/be9813ad2fc8f0885f5ce6925af0d993ce5da4e5",[96,90],[98],{"url":124,"sources":125,"tags":126},"https://git.kernel.org/stable/c/bc55cfd5718c7c23e5524582e9fa70b4d10f2433",[96,90],[98],[],{"date":129,"score":86,"percentile":130},"2026-06-03",0.01688,[132,136,139,142,145,148,150,153,156,160,163,166,169,172,175,179,182,185,188,192,195,198,201,204,207,210,213,216,219,222,225,228,231,234,237,240,243,246,249,252,255,258,261,264,267,270,273,276,279,282,286,289,292,295,298,301,304,307,310,313,316,319,322,325,328,330,333,336,339,342,345,348,351,354,357,360,363,365,368,371,374,377,380,383,385,388,391,394,397,400],{"date":133,"score":134,"percentile":135},"2025-11-04",0.00022,0.04479,{"date":137,"score":134,"percentile":138},"2025-11-05",0.04484,{"date":140,"score":134,"percentile":141},"2025-11-06",0.04598,{"date":143,"score":134,"percentile":144},"2025-11-07",0.04605,{"date":146,"score":134,"percentile":147},"2025-11-08",0.046,{"date":149,"score":134,"percentile":144},"2025-11-09",{"date":151,"score":134,"percentile":152},"2025-11-10",0.0459,{"date":154,"score":134,"percentile":155},"2025-11-11",0.04626,{"date":157,"score":158,"percentile":159},"2025-11-12",0.00023,0.04984,{"date":161,"score":158,"percentile":162},"2025-11-13",0.05018,{"date":164,"score":158,"percentile":165},"2025-11-14",0.05055,{"date":167,"score":158,"percentile":168},"2025-11-15",0.05076,{"date":170,"score":158,"percentile":171},"2025-11-16",0.05086,{"date":173,"score":158,"percentile":174},"2025-11-17",0.05085,{"date":176,"score":177,"percentile":178},"2025-11-18",0.00043,0.08536,{"date":180,"score":177,"percentile":181},"2025-11-19",0.08548,{"date":183,"score":177,"percentile":184},"2025-11-20",0.08581,{"date":186,"score":158,"percentile":187},"2025-11-21",0.05139,{"date":189,"score":190,"percentile":191},"2025-11-22",0.00026,0.06157,{"date":193,"score":190,"percentile":194},"2025-11-23",0.06146,{"date":196,"score":190,"percentile":197},"2025-11-24",0.06125,{"date":199,"score":190,"percentile":200},"2025-11-25",0.06113,{"date":202,"score":190,"percentile":203},"2025-11-26",0.06133,{"date":205,"score":190,"percentile":206},"2025-11-27",0.06142,{"date":208,"score":190,"percentile":209},"2025-11-28",0.06116,{"date":211,"score":190,"percentile":212},"2025-11-29",0.06159,{"date":214,"score":190,"percentile":215},"2025-11-30",0.06155,{"date":217,"score":190,"percentile":218},"2025-12-01",0.06223,{"date":220,"score":190,"percentile":221},"2025-12-02",0.06236,{"date":223,"score":190,"percentile":224},"2025-12-03",0.0625,{"date":226,"score":190,"percentile":227},"2025-12-04",0.06212,{"date":229,"score":190,"percentile":230},"2025-12-05",0.06262,{"date":232,"score":190,"percentile":233},"2025-12-06",0.06269,{"date":235,"score":190,"percentile":236},"2025-12-07",0.06276,{"date":238,"score":190,"percentile":239},"2025-12-08",0.06274,{"date":241,"score":190,"percentile":242},"2025-12-09",0.0633,{"date":244,"score":190,"percentile":245},"2025-12-10",0.06402,{"date":247,"score":190,"percentile":248},"2025-12-11",0.06395,{"date":250,"score":190,"percentile":251},"2025-12-12",0.06417,{"date":253,"score":190,"percentile":254},"2025-12-13",0.06461,{"date":256,"score":190,"percentile":257},"2025-12-14",0.06429,{"date":259,"score":190,"percentile":260},"2025-12-15",0.06406,{"date":262,"score":190,"percentile":263},"2025-12-16",0.06431,{"date":265,"score":190,"percentile":266},"2025-12-17",0.06518,{"date":268,"score":190,"percentile":269},"2025-12-18",0.06577,{"date":271,"score":190,"percentile":272},"2025-12-19",0.06563,{"date":274,"score":190,"percentile":275},"2025-12-20",0.06558,{"date":277,"score":190,"percentile":278},"2025-12-21",0.06549,{"date":280,"score":190,"percentile":281},"2025-12-22",0.06503,{"date":283,"score":284,"percentile":285},"2025-12-23",0.00027,0.0705,{"date":287,"score":284,"percentile":288},"2025-12-24",0.07072,{"date":290,"score":284,"percentile":291},"2025-12-25",0.07141,{"date":293,"score":284,"percentile":294},"2025-12-26",0.07147,{"date":296,"score":284,"percentile":297},"2025-12-27",0.07148,{"date":299,"score":284,"percentile":300},"2025-12-28",0.07138,{"date":302,"score":284,"percentile":303},"2025-12-29",0.07119,{"date":305,"score":284,"percentile":306},"2025-12-30",0.07095,{"date":308,"score":284,"percentile":309},"2025-12-31",0.07137,{"date":311,"score":284,"percentile":312},"2026-01-01",0.07198,{"date":314,"score":284,"percentile":315},"2026-01-02",0.07196,{"date":317,"score":284,"percentile":318},"2026-01-03",0.07191,{"date":320,"score":284,"percentile":321},"2026-01-04",0.07113,{"date":323,"score":284,"percentile":324},"2026-01-05",0.07057,{"date":326,"score":284,"percentile":327},"2026-01-06",0.07047,{"date":329,"score":284,"percentile":288},"2026-01-07",{"date":331,"score":284,"percentile":332},"2026-01-08",0.0713,{"date":334,"score":284,"percentile":335},"2026-01-09",0.07145,{"date":337,"score":284,"percentile":338},"2026-01-10",0.07176,{"date":340,"score":284,"percentile":341},"2026-01-11",0.07162,{"date":343,"score":284,"percentile":344},"2026-01-12",0.07134,{"date":346,"score":284,"percentile":347},"2026-01-13",0.07121,{"date":349,"score":284,"percentile":350},"2026-01-14",0.07165,{"date":352,"score":284,"percentile":353},"2026-01-15",0.07173,{"date":355,"score":284,"percentile":356},"2026-01-16",0.07187,{"date":358,"score":284,"percentile":359},"2026-01-17",0.07197,{"date":361,"score":284,"percentile":362},"2026-01-18",0.07171,{"date":364,"score":284,"percentile":332},"2026-01-19",{"date":366,"score":284,"percentile":367},"2026-01-20",0.07097,{"date":369,"score":284,"percentile":370},"2026-01-21",0.07093,{"date":372,"score":284,"percentile":373},"2026-01-22",0.07066,{"date":375,"score":284,"percentile":376},"2026-01-23",0.07127,{"date":378,"score":284,"percentile":379},"2026-01-24",0.07189,{"date":381,"score":284,"percentile":382},"2026-01-25",0.07164,{"date":384,"score":284,"percentile":297},"2026-01-26",{"date":386,"score":284,"percentile":387},"2026-01-27",0.07136,{"date":389,"score":284,"percentile":390},"2026-01-28",0.07114,{"date":392,"score":284,"percentile":393},"2026-01-29",0.07108,{"date":395,"score":284,"percentile":396},"2026-01-30",0.0712,{"date":398,"score":284,"percentile":399},"2026-01-31",0.07142,{"date":401,"score":284,"percentile":402},"2026-02-01",0.0718,[404],{"source":90,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":405,"cvss_v4_0":9},{"baseScore":88,"baseSeverity":406,"vectorString":91,"impactScore":407,"exploitabilityScore":408},"MEDIUM",6,4.6,[410,466],{"ecosystem":9,"name":411,"vendor":412,"product":412,"cpe_part":413,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":414},"Linux","linux","a",[415,422,426,430,434,438,442,446,450,454,458,462],{"version":416,"is_range":417,"range_type":96,"version_start":418,"version_start_type":419,"version_end":420,"version_end_type":421,"fixed_in":9},">= 73867cb2bc7dfa7fbd219e53a0b68d253d8fda09, \u003C 7e9133607e1501c94881be35e118d8f84d96dcb4",true,"73867cb2bc7dfa7fbd219e53a0b68d253d8fda09","including","7e9133607e1501c94881be35e118d8f84d96dcb4","excluding",{"version":423,"is_range":417,"range_type":96,"version_start":424,"version_start_type":419,"version_end":425,"version_end_type":421,"fixed_in":9},">= b3830197aa7413c65767cf5a1aa8775c83f0dbf7, \u003C 40f4cffbe13a51faf136faf5f9ef6847782cd595","b3830197aa7413c65767cf5a1aa8775c83f0dbf7","40f4cffbe13a51faf136faf5f9ef6847782cd595",{"version":427,"is_range":417,"range_type":96,"version_start":428,"version_start_type":419,"version_end":429,"version_end_type":421,"fixed_in":9},">= 08d1807f097a63ea00a7067dad89c1c81cb2115e, \u003C 9661bf674d6a82b76e4ae424438a8ce1e3ed855d","08d1807f097a63ea00a7067dad89c1c81cb2115e","9661bf674d6a82b76e4ae424438a8ce1e3ed855d",{"version":431,"is_range":417,"range_type":96,"version_start":432,"version_start_type":419,"version_end":433,"version_end_type":421,"fixed_in":9},">= 8527c8f052fb42091c6569cb928e472376a4a889, \u003C 9017201e8d8c6d1472273361389ed431188584a0","8527c8f052fb42091c6569cb928e472376a4a889","9017201e8d8c6d1472273361389ed431188584a0",{"version":435,"is_range":417,"range_type":96,"version_start":436,"version_start_type":419,"version_end":437,"version_end_type":421,"fixed_in":9},">= 47711ff10c7e126702cfa725f6d86ef529d15a5f, \u003C 7777744e92a0b30e3e0cce2758d911837011ebd9","47711ff10c7e126702cfa725f6d86ef529d15a5f","7777744e92a0b30e3e0cce2758d911837011ebd9",{"version":439,"is_range":417,"range_type":96,"version_start":440,"version_start_type":419,"version_end":441,"version_end_type":421,"fixed_in":9},">= 4d1b0ace2d56dc27cc4921eda7fae57f77f03eb5, \u003C abedf0d08c79d76da0d6fa0d5dbbc98871dcbc2e","4d1b0ace2d56dc27cc4921eda7fae57f77f03eb5","abedf0d08c79d76da0d6fa0d5dbbc98871dcbc2e",{"version":443,"is_range":417,"range_type":96,"version_start":444,"version_start_type":419,"version_end":445,"version_end_type":421,"fixed_in":9},">= dd2f8c684da3e226e5ec7a81c89ff5fd4a957a03, \u003C be9813ad2fc8f0885f5ce6925af0d993ce5da4e5","dd2f8c684da3e226e5ec7a81c89ff5fd4a957a03","be9813ad2fc8f0885f5ce6925af0d993ce5da4e5",{"version":447,"is_range":417,"range_type":96,"version_start":448,"version_start_type":419,"version_end":449,"version_end_type":421,"fixed_in":9},">= dca947d4d26dbf925a64a6cfb2ddbc035e831a3d, \u003C bc55cfd5718c7c23e5524582e9fa70b4d10f2433","dca947d4d26dbf925a64a6cfb2ddbc035e831a3d","bc55cfd5718c7c23e5524582e9fa70b4d10f2433",{"version":451,"is_range":417,"range_type":96,"version_start":452,"version_start_type":419,"version_end":453,"version_end_type":421,"fixed_in":9},">= 5.10.109, \u003C 5.10.110","5.10.109","5.10.110",{"version":455,"is_range":417,"range_type":96,"version_start":456,"version_start_type":419,"version_end":457,"version_end_type":421,"fixed_in":9},">= 5.15.32, \u003C 5.15.33","5.15.32","5.15.33",{"version":459,"is_range":417,"range_type":96,"version_start":460,"version_start_type":419,"version_end":461,"version_end_type":421,"fixed_in":9},">= 5.16.18, \u003C 5.16.19","5.16.18","5.16.19",{"version":463,"is_range":417,"range_type":96,"version_start":464,"version_start_type":419,"version_end":465,"version_end_type":421,"fixed_in":9},">= 5.17.1, \u003C 5.17.2","5.17.1","5.17.2",{"ecosystem":9,"name":467,"vendor":412,"product":468,"cpe_part":469,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":470},"linux kernel","linux_kernel","o",[471,473,474,475],{"version":452,"is_range":84,"range_type":472,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"cpe",{"version":456,"is_range":84,"range_type":472,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":460,"is_range":84,"range_type":472,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":464,"is_range":84,"range_type":472,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9}]