LiveActive security incident?Get immediate response
CVE Record

CVE-2022-50229: ALSA: bcd2000: Fix a UAF bug on the error path of probing

In the Linux kernel, the following vulnerability has been resolved: ALSA: bcd2000: Fix a UAF bug on the error path of probing When the driver fails in snd_card_register() at probe time, it will free the 'bcd2k->midi_out_urb' before killing it, which may cause a UAF bug. The following log can reveal it: [ 50.727020] BUG: KASAN: use-after-free in bcd2000_input_complete+0x1f1/0x2e0 [snd_bcd2000] [ 50.727623] Read of size 8 at addr ffff88810fab0e88 by task swapper/4/0 [ 50.729530] Call Trace: [ 50.732899] bcd2000_input_complete+0x1f1/0x2e0 [snd_bcd2000] Fix this by adding usb_kill_urb() before usb_free_urb().

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysislow

Security readout for executives and security teams

Plain-English summary

CVE-2022-50229 is a Linux kernel bug in the ALSA bcd2000 driver. If device probing fails at a specific registration step, the driver can free a USB request before stopping it, creating a use-after-free condition. The public sources do not show active exploitation or a CVSS score.

Executive priority

Treat this as a targeted Linux kernel maintenance item, not an emergency. Patch through normal kernel update channels, with higher priority for workstations, labs, kiosks, or servers where untrusted USB devices may be attached.

Technical view

The issue occurs on the probe error path when snd_card_register() fails. The driver frees bcd2k->midi_out_urb before killing it, and KASAN showed use-after-free in bcd2000_input_complete. The upstream fix adds usb_kill_urb() before usb_free_urb().

Likely exposure

Exposure appears limited to Linux systems running affected kernels with the ALSA bcd2000 driver reachable during device probing. The provided data names Linux kernel versions and stable commits, but does not define distributions, default module loading, or remote reachability.

Exploitation context

The bundle does not cite known exploitation, and KEV is false. The described trigger is a driver probe failure path, suggesting local hardware or USB-adjacent exposure rather than a general remote service risk. Evidence is incomplete on practical exploitability.

Researcher notes

The strongest evidence is the upstream kernel description and stable commit references. Severity, CVSS, CWE, exploitability, and distribution impact are not provided. Avoid claiming privilege escalation, code execution, or active exploitation without additional vendor or researcher evidence.

Mitigation direction

  • Update to a kernel build containing the relevant stable bcd2000 fix commit.
  • Check Linux distribution advisories for backported fixes in supported kernel packages.
  • Prioritize systems where untrusted USB devices can be attached.
  • If updates are delayed, follow vendor guidance for reducing bcd2000 driver exposure.

Validation and detection

  • Inventory Linux kernel versions against the affected version list in the CVE record.
  • Confirm distro kernel changelogs include the bcd2000 usb_kill_urb before usb_free_urb fix.
  • Check whether the snd_bcd2000 driver is present or loadable on exposed systems.
  • Review fleet policy for systems allowing untrusted USB device attachment.
Prepared
Confidence
medium
Sources
6

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2022-50229 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
0ADP providers
10Source links

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinuxb47a22290d581277be70e8a597824a4985d39e83, b47a22290d581277be70e8a597824a4985d39e83, b47a22290d581277be70e8a597824a4985d39e83, b47a22290d581277be70e8a597824a4985d39e83, b47a22290d581277be70e8a597824a4985d39e83, b47a22290d581277be70e8a597824a4985d39e83, b47a22290d581277be70e8a597824a4985d39e83, b47a22290d581277be70e8a597824a4985d39e83, b47a22290d581277be70e8a597824a4985d39e83unaffected
LinuxLinux3.16, 0, 4.9.326, 4.14.291, 4.19.256, 5.4.211, 5.10.137, 5.15.61, 5.18.18, 5.19.2, 6.0affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.