CVE-2022-50015

MEDIUM

Linux Kernel 5.2-5.19.4 - NULL Pointer Dereference in ASoC SOF Intel HDA-IPC Firmware Reply Handling

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda-ipc: Do not process IPC reply before firmware boot It is not yet clear, but it is possible to create a firmware so broken that it will send a reply message before a FW_READY message (it is not yet clear if FW_READY will arrive later). Since the reply_data is allocated only after the FW_READY message, this will lead to a NULL pointer dereference if not filtered out. The issue was reported with IPC4 firmware but the same condition is present for IPC3.

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/48945246cf802b9866f3a821103f1a7a196baf68

Patch

https://git.kernel.org/stable/c/499cc881b09c8283ab5e75b0d6d21cb427722161

Scores

CVSS v3 5.5

EPSS 0.0018

EPSS Percentile 7.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (8)

linux/Kernel 5.2.0 - 5.19.4linux

Linux/Linux < 5.2

Linux/Linux 5.19.4 - 5.19.*

Linux/Linux 5.2

Linux/Linux 6.0

Linux/Linux 6e9cde974863dc9d9c6cdb178f625e410c5be3d0 - 48945246cf802b9866f3a821103f1a7a196baf68

Linux/Linux 6e9cde974863dc9d9c6cdb178f625e410c5be3d0 - 499cc881b09c8283ab5e75b0d6d21cb427722161

linux/linux_kernel 5.2 - 5.19.4

Published Jun 18, 2025

Tracked Since Feb 18, 2026