CVE-2022-50049: 
Linux Kernel vulnerability analysis and mitigation

In the Linux kernel, a vulnerability has been identified in the ASoC (ALSA System on Chip) DPCM (Dynamic PCM) subsystem. When DPCM attempts to add valid BE (Backend) connections at dpcmaddpaths(), it fails to verify whether the selected BE supports the given stream direction. This can result in incorrect handling of asymmetric BE streams (NVD, Wiz).

The vulnerability occurs in the DPCM (Dynamic PCM) functionality when adding BE (Backend) connections. The issue manifests during the dpcmaddpaths() operation, where the code doesn't properly validate if the selected BE supports the intended stream direction. While there was a previous fix implemented in commit 6246f283d5e0 ("ASoC: dpcm: skip missing substream while applying symmetry") for handling non-existing BE substreams, this vulnerability occurs earlier in the execution path, specifically during the BE selection process (Wiz).

When exploited, this vulnerability can lead to a NULL dereference at a later point where the code assumes the existence of a corresponding BE substream. This could potentially result in system crashes or denial of service conditions (Wiz).

The vulnerability has been resolved by adding a check for the presence of the substream for the target BE before selection. The fix addresses the issue at the BE selection stage rather than during the parsing of BE lists, as was done in the previous related fix (Wiz).