CVE-2022-38392: 5400 RPM OEM Hard Drive DoS Vulnerability
In the era of Windows XP, if the computer uses a 5400RPM mechanical hard drive, then playing Rhythm Nation music video will cause the system to crash. Even the surrounding computers would crash while playing the song, which was released in 1989 by American pop singer Janet Jackson.
Why does this song cause the system to crash? Subsequent investigations concluded that the song contained certain frequencies that resonated with the 5400RPM mechanical disc. After discovering the issue, Microsoft worked with OEM manufacturers to resolve the issue. The solution is to add a filter to remove the problematic resonant frequency altogether.
Microsoft explains: “It turns out that the song contained one of the natural resonant frequencies for the model of 5400 rpm laptop hard drives that they and other manufacturers used.The manufacturer worked around the problem by adding a custom filter in the audio pipeline that detected and removed the offending frequencies during audio playback.”
Unexpectedly, after nearly 20 years, MITRE will assign a CVE number to this problem – CVE-2022-38392. “A certain 5400 RPM OEM hard drive, as shipped with laptop PCs in approximately 2005, allows physically proximate attackers to cause a denial of service (device malfunction and system crash) via a resonant-frequency attack with the audio signal from the Rhythm Nation music video,” MITRE writes.
To exploit the CVE-2022-38392 flaw first, the target device must meet the trigger conditions, and second, the attacker must also play an unfiltered song. For users, don’t worry about this at all, unless you have a laptop with a 5400RPM mechanical disk released around 2005 at home.
