CVE-2022-50016
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-50016
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50016.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-50016
- Downstream
- Related
- Published
- 2025-06-18T11:01:20Z
- Modified
- 2025-10-21T11:38:56.664459Z
- Summary
- ASoC: SOF: Intel: cnl: Do not process IPC reply before firmware boot
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
ASoC: SOF: Intel: cnl: Do not process IPC reply before firmware boot
It is not yet clear, but it is possible to create a firmware so broken that it will send a reply message before a FWREADY message (it is not yet clear if FWREADY will arrive later). Since the replydata is allocated only after the FWREADY message, this will lead to a NULL pointer dereference if not filtered out.
The issue was reported with IPC4 firmware but the same condition is present for IPC3.
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced273020522ef62361c5d86eebe45a72418ed8dea4Fixed230f646085d17a008b609eb8fe8befb8811868f0
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced273020522ef62361c5d86eebe45a72418ed8dea4Fixedacacd9eefd0def5a83244d88e5483b5f38ee7287
Affected versions
v5.*
v5.1
v5.1-rc4
v5.1-rc5
v5.1-rc6
v5.1-rc7
v5.10
v5.10-rc1
v5.10-rc2
v5.10-rc3
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v5.19.1
v5.19.2
v5.19.3
v5.2
v5.2-rc1
v5.2-rc2
v5.2-rc3
v5.2-rc4
v5.2-rc5
v5.2-rc6
v5.2-rc7
v5.3
v5.3-rc1
v5.3-rc2
v5.3-rc3
v5.3-rc4
v5.3-rc5
v5.3-rc6
v5.3-rc7
v5.3-rc8
v5.4
v5.4-rc1
v5.4-rc2
v5.4-rc3
v5.4-rc4
v5.4-rc5
v5.4-rc6
v5.4-rc7
v5.4-rc8
v5.5
v5.5-rc1
v5.5-rc2
v5.5-rc3
v5.5-rc4
v5.5-rc5
v5.5-rc6
v5.5-rc7
v5.6
v5.6-rc1
v5.6-rc2
v5.6-rc3
v5.6-rc4
v5.6-rc5
v5.6-rc6
v5.6-rc7
v5.7
v5.7-rc1
v5.7-rc2
v5.7-rc3
v5.7-rc4
v5.7-rc5
v5.7-rc6
v5.7-rc7
v5.8
v5.8-rc1
v5.8-rc2
v5.8-rc3
v5.8-rc4
v5.8-rc5
v5.8-rc6
v5.8-rc7
v5.9
v5.9-rc1
v5.9-rc2
v5.9-rc3
v5.9-rc4
v5.9-rc5
v5.9-rc6
v5.9-rc7
v5.9-rc8
Database specific
vanir_signatures
[
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@230f646085d17a008b609eb8fe8befb8811868f0",
"target": {
"function": "cnl_ipc4_irq_thread",
"file": "sound/soc/sof/intel/cnl.c"
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2022-50016-136dc2b9",
"digest": {
"length": 1133.0,
"function_hash": "53949263958527967273273141610980346687"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@230f646085d17a008b609eb8fe8befb8811868f0",
"target": {
"function": "cnl_ipc_irq_thread",
"file": "sound/soc/sof/intel/cnl.c"
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2022-50016-176d9ecf",
"digest": {
"length": 1522.0,
"function_hash": "2018415163276658713819187100802868968"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@230f646085d17a008b609eb8fe8befb8811868f0",
"target": {
"file": "sound/soc/sof/intel/cnl.c"
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2022-50016-8e5bc620",
"digest": {
"threshold": 0.9,
"line_hashes": [
"135585323841467569051055141554821325849",
"143566574894328633601557338848905295704",
"24157458261989000616271201263456402730",
"322814565519056489314137973181645004120",
"308780338395022831102229031428486668230",
"17044274914943393984884960684790016573",
"35366218169269543580019894812807888931",
"222406935588534764130187095571913945218",
"53181535587473898096930787551788954422",
"227473158894320232141070602194668844554",
"148262515690168126497650085135039902802",
"65221936101991101822300350898105174988",
"155337059293021007917747956368750085088",
"170665733331651349414289839230516113401",
"154363860110381639576433733730350317945",
"50164401599296736851613995746079012421",
"209863932855516094180832646803902076024",
"81211841224549408232823408551485355784"
]
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@acacd9eefd0def5a83244d88e5483b5f38ee7287",
"target": {
"file": "sound/soc/sof/intel/cnl.c"
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2022-50016-ad4e74d4",
"digest": {
"threshold": 0.9,
"line_hashes": [
"135585323841467569051055141554821325849",
"143566574894328633601557338848905295704",
"24157458261989000616271201263456402730",
"322814565519056489314137973181645004120",
"308780338395022831102229031428486668230",
"17044274914943393984884960684790016573",
"35366218169269543580019894812807888931",
"222406935588534764130187095571913945218",
"53181535587473898096930787551788954422",
"227473158894320232141070602194668844554",
"148262515690168126497650085135039902802",
"65221936101991101822300350898105174988",
"155337059293021007917747956368750085088",
"170665733331651349414289839230516113401",
"154363860110381639576433733730350317945",
"50164401599296736851613995746079012421",
"209863932855516094180832646803902076024",
"81211841224549408232823408551485355784"
]
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@acacd9eefd0def5a83244d88e5483b5f38ee7287",
"target": {
"function": "cnl_ipc4_irq_thread",
"file": "sound/soc/sof/intel/cnl.c"
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2022-50016-bdcae3f7",
"digest": {
"length": 1133.0,
"function_hash": "53949263958527967273273141610980346687"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@acacd9eefd0def5a83244d88e5483b5f38ee7287",
"target": {
"function": "cnl_ipc_irq_thread",
"file": "sound/soc/sof/intel/cnl.c"
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2022-50016-c5f26fca",
"digest": {
"length": 1522.0,
"function_hash": "2018415163276658713819187100802868968"
},
"signature_type": "Function"
}
]