CVE-2022-50015
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-50015
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50015.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-50015
- Downstream
- Related
- Published
- 2025-06-18T11:01:19Z
- Modified
- 2025-10-21T11:38:15.172630Z
- Summary
- ASoC: SOF: Intel: hda-ipc: Do not process IPC reply before firmware boot
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
ASoC: SOF: Intel: hda-ipc: Do not process IPC reply before firmware boot
It is not yet clear, but it is possible to create a firmware so broken that it will send a reply message before a FWREADY message (it is not yet clear if FWREADY will arrive later). Since the replydata is allocated only after the FWREADY message, this will lead to a NULL pointer dereference if not filtered out.
The issue was reported with IPC4 firmware but the same condition is present for IPC3.
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced6e9cde974863dc9d9c6cdb178f625e410c5be3d0Fixed48945246cf802b9866f3a821103f1a7a196baf68
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced6e9cde974863dc9d9c6cdb178f625e410c5be3d0Fixed499cc881b09c8283ab5e75b0d6d21cb427722161
Affected versions
v5.*
v5.1
v5.1-rc4
v5.1-rc5
v5.1-rc6
v5.1-rc7
v5.10
v5.10-rc1
v5.10-rc2
v5.10-rc3
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v5.19.1
v5.19.2
v5.19.3
v5.2
v5.2-rc1
v5.2-rc2
v5.2-rc3
v5.2-rc4
v5.2-rc5
v5.2-rc6
v5.2-rc7
v5.3
v5.3-rc1
v5.3-rc2
v5.3-rc3
v5.3-rc4
v5.3-rc5
v5.3-rc6
v5.3-rc7
v5.3-rc8
v5.4
v5.4-rc1
v5.4-rc2
v5.4-rc3
v5.4-rc4
v5.4-rc5
v5.4-rc6
v5.4-rc7
v5.4-rc8
v5.5
v5.5-rc1
v5.5-rc2
v5.5-rc3
v5.5-rc4
v5.5-rc5
v5.5-rc6
v5.5-rc7
v5.6
v5.6-rc1
v5.6-rc2
v5.6-rc3
v5.6-rc4
v5.6-rc5
v5.6-rc6
v5.6-rc7
v5.7
v5.7-rc1
v5.7-rc2
v5.7-rc3
v5.7-rc4
v5.7-rc5
v5.7-rc6
v5.7-rc7
v5.8
v5.8-rc1
v5.8-rc2
v5.8-rc3
v5.8-rc4
v5.8-rc5
v5.8-rc6
v5.8-rc7
v5.9
v5.9-rc1
v5.9-rc2
v5.9-rc3
v5.9-rc4
v5.9-rc5
v5.9-rc6
v5.9-rc7
v5.9-rc8
Database specific
vanir_signatures
[
{
"signature_version": "v1",
"id": "CVE-2022-50015-17fab416",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"228707135974414318112886305748770075513",
"200633291612640945317241743484817813769",
"24157458261989000616271201263456402730",
"322814565519056489314137973181645004120",
"308780338395022831102229031428486668230",
"17044274914943393984884960684790016573",
"35366218169269543580019894812807888931",
"222406935588534764130187095571913945218",
"53181535587473898096930787551788954422",
"227473158894320232141070602194668844554",
"230793955698047625718733985241161374530",
"80484666666397357000609985419272464105",
"250400795507881620999003404154797197622",
"41892427192510897205959051184686122983",
"226722807649583915241259942721979854952",
"166310362870227205302618677348783667254",
"330114739962416317400976726097734429193",
"22261939249162230184806127579019366816"
]
},
"target": {
"file": "sound/soc/sof/intel/hda-ipc.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@499cc881b09c8283ab5e75b0d6d21cb427722161",
"deprecated": false
},
{
"signature_version": "v1",
"id": "CVE-2022-50015-87cc0b50",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"228707135974414318112886305748770075513",
"200633291612640945317241743484817813769",
"24157458261989000616271201263456402730",
"322814565519056489314137973181645004120",
"308780338395022831102229031428486668230",
"17044274914943393984884960684790016573",
"35366218169269543580019894812807888931",
"222406935588534764130187095571913945218",
"53181535587473898096930787551788954422",
"227473158894320232141070602194668844554",
"230793955698047625718733985241161374530",
"80484666666397357000609985419272464105",
"250400795507881620999003404154797197622",
"41892427192510897205959051184686122983",
"226722807649583915241259942721979854952",
"166310362870227205302618677348783667254",
"330114739962416317400976726097734429193",
"22261939249162230184806127579019366816"
]
},
"target": {
"file": "sound/soc/sof/intel/hda-ipc.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@48945246cf802b9866f3a821103f1a7a196baf68",
"deprecated": false
},
{
"signature_version": "v1",
"id": "CVE-2022-50015-a251c98a",
"signature_type": "Function",
"digest": {
"length": 1209.0,
"function_hash": "261175661039762985125678802009941616990"
},
"target": {
"file": "sound/soc/sof/intel/hda-ipc.c",
"function": "hda_dsp_ipc4_irq_thread"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@48945246cf802b9866f3a821103f1a7a196baf68",
"deprecated": false
},
{
"signature_version": "v1",
"id": "CVE-2022-50015-a8c28919",
"signature_type": "Function",
"digest": {
"length": 1593.0,
"function_hash": "130337810293160623859436696772330260291"
},
"target": {
"file": "sound/soc/sof/intel/hda-ipc.c",
"function": "hda_dsp_ipc_irq_thread"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@48945246cf802b9866f3a821103f1a7a196baf68",
"deprecated": false
},
{
"signature_version": "v1",
"id": "CVE-2022-50015-e9169723",
"signature_type": "Function",
"digest": {
"length": 1593.0,
"function_hash": "130337810293160623859436696772330260291"
},
"target": {
"file": "sound/soc/sof/intel/hda-ipc.c",
"function": "hda_dsp_ipc_irq_thread"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@499cc881b09c8283ab5e75b0d6d21cb427722161",
"deprecated": false
},
{
"signature_version": "v1",
"id": "CVE-2022-50015-ef9752d2",
"signature_type": "Function",
"digest": {
"length": 1209.0,
"function_hash": "261175661039762985125678802009941616990"
},
"target": {
"file": "sound/soc/sof/intel/hda-ipc.c",
"function": "hda_dsp_ipc4_irq_thread"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@499cc881b09c8283ab5e75b0d6d21cb427722161",
"deprecated": false
}
]