CVE-2022-50015

Published: Jun 18, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda-ipc: Do not process IPC reply before firmware boot It is not yet clear, but it is possible to create a firmware so broken that it will send a reply message before a FW_READY message (it is not yet clear if FW_READY will arrive later). Since the reply_data is allocated only after the FW_READY message, this will lead to a NULL pointer dereference if not filtered out. The issue was reported with IPC4 firmware but the same condition is present for IPC3.

Vendor	Product	Versions
Linux	Linux	affected `6e9cde974863dc9d9c6cdb178f625e410c5be3d0 - < 48945246cf802b9866f3a821103f1a7a196baf68` affected `6e9cde974863dc9d9c6cdb178f625e410c5be3d0 - < 499cc881b09c8283ab5e75b0d6d21cb427722161`
Linux	Linux	affected `5.2` unaffected `0 - < 5.2` unaffected `5.19.4 - <= 5.19.` unaffected `6.0 - <= `

References

https://git.kernel.org/stable/c/48945246cf802b9866f3a821103f1a7a196baf68

https://git.kernel.org/stable/c/499cc881b09c8283ab5e75b0d6d21cb427722161

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-50015

Description

Affected Products

References