CVE-2022-49292

Severity CVSS v4.0: Pending analysis
Type: CWE-787 Out-of-bounds Write
Publication date: 26/02/2025
Last modified: 22/09/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

ALSA: oss: Fix PCM OSS buffer allocation overflow

We've got syzbot reports hitting INT_MAX overflow at vmalloc() allocation that is called from snd_pcm_plug_alloc(). Although we apply the restrictions to input parameters, it's based only on the hw_params of the underlying PCM device. Since the PCM OSS layer allocates a temporary buffer for the data conversion, the size may become unexpectedly large when more channels or higher rates is given; in the reported case, it went over INT_MAX, hence it hits WARN_ON().

This patch is an attempt to avoid such an overflow and an allocation for too large buffers. First off, it adds the limit of 1MB as the upper bound for period bytes. This must be large enough for all use cases, and we really don't want to handle a larger temporary buffer than this size. The size check is performed at two places, where the original period bytes is calculated and where the plugin buffer size is calculated.

In addition, the driver uses array_size() and array3_size() for multiplications to catch overflows for the converted period size and buffer bytes.
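The pattern the description names, a saturating multiplication followed by a 1MB cap, is sketched below as an added user-space example; it is not the kernel patch or code from this advisory. The names `MAX_PERIOD_BYTES`, `sat_mul`, `sat_mul3`, `naive_bytes` and `checked_bytes` are assumptions, the inputs are constructed, and `__builtin_mul_overflow` requires GCC or Clang.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* 1MB upper bound for period bytes, as in the description; the macro name is an assumption. */
#define MAX_PERIOD_BYTES ((size_t)1024 * 1024)

/* Saturating multiply: SIZE_MAX on overflow, the convention of the kernel's array_size(). */
static size_t sat_mul(size_t a, size_t b)
{
    size_t r;
    return __builtin_mul_overflow(a, b, &r) ? SIZE_MAX : r;
}

/* Three-factor form, analogous to array3_size(). */
static size_t sat_mul3(size_t a, size_t b, size_t c)
{
    return sat_mul(sat_mul(a, b), c);
}

/* Unchecked 32-bit product: wraps silently, so a huge request can look small. */
static uint32_t naive_bytes(uint32_t frames, uint32_t channels, uint32_t width)
{
    return frames * channels * width;
}

/* Checked size: returns 0 and stores the size, or -1 if it overflows or exceeds the cap. */
static int checked_bytes(size_t frames, size_t channels, size_t width, size_t *out)
{
    size_t n = sat_mul3(frames, channels, width);
    if (n > MAX_PERIOD_BYTES)   /* a saturated SIZE_MAX is rejected here too */
        return -1;
    *out = n;
    return 0;
}

int main(void)
{
    size_t n = 0;
    /* Constructed inputs: 2^20 frames, 2^10 channels, 4-byte samples = 2^32 bytes. */
    unsigned wrapped = (unsigned)naive_bytes(1u << 20, 1u << 10, 4);
    int big = checked_bytes((size_t)1 << 20, (size_t)1 << 10, 4, &n);
    int ok = checked_bytes(1024, 2, 2, &n);
    printf("naive=%u checked=%d stereo=%d (%zu bytes)\n", wrapped, big, ok, n);
    return 0;
}
```

Saturating to `SIZE_MAX` means an overflowed product can never pass as a small, valid size, so the single comparison against the cap covers both the overflow and the oversized-buffer case.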

Vulnerable products and versions

CPE                                             From               Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    -                  4.19.237 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    4.20 (including)   5.4.188 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    5.5 (including)    5.10.109 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    5.11 (including)   5.15.32 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    5.16 (including)   5.16.18 (excluding)
cpe:2.3:o:linux:linux_kernel:5.17:*:*:*:*:*:*:* -                  -