CVE-2022-50015

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-50015
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50015.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-50015
Downstream
Related
Published
2025-06-18T11:01:19Z
Modified
2025-10-13T23:46:52.167732Z
Summary
ASoC: SOF: Intel: hda-ipc: Do not process IPC reply before firmware boot
Details

In the Linux kernel, the following vulnerability has been resolved:

ASoC: SOF: Intel: hda-ipc: Do not process IPC reply before firmware boot

It is not yet clear, but it is possible to create a firmware so broken that it will send a reply message before a FWREADY message (it is not yet clear if FWREADY will arrive later). Since the replydata is allocated only after the FWREADY message, this will lead to a NULL pointer dereference if not filtered out.

The issue was reported with IPC4 firmware but the same condition is present for IPC3.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
6e9cde974863dc9d9c6cdb178f625e410c5be3d0
Fixed
48945246cf802b9866f3a821103f1a7a196baf68
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
6e9cde974863dc9d9c6cdb178f625e410c5be3d0
Fixed
499cc881b09c8283ab5e75b0d6d21cb427722161

Affected versions

v5.*

v5.1
v5.1-rc4
v5.1-rc5
v5.1-rc6
v5.1-rc7
v5.10
v5.10-rc1
v5.10-rc2
v5.10-rc3
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v5.19.1
v5.19.2
v5.19.3
v5.2
v5.2-rc1
v5.2-rc2
v5.2-rc3
v5.2-rc4
v5.2-rc5
v5.2-rc6
v5.2-rc7
v5.3
v5.3-rc1
v5.3-rc2
v5.3-rc3
v5.3-rc4
v5.3-rc5
v5.3-rc6
v5.3-rc7
v5.3-rc8
v5.4
v5.4-rc1
v5.4-rc2
v5.4-rc3
v5.4-rc4
v5.4-rc5
v5.4-rc6
v5.4-rc7
v5.4-rc8
v5.5
v5.5-rc1
v5.5-rc2
v5.5-rc3
v5.5-rc4
v5.5-rc5
v5.5-rc6
v5.5-rc7
v5.6
v5.6-rc1
v5.6-rc2
v5.6-rc3
v5.6-rc4
v5.6-rc5
v5.6-rc6
v5.6-rc7
v5.7
v5.7-rc1
v5.7-rc2
v5.7-rc3
v5.7-rc4
v5.7-rc5
v5.7-rc6
v5.7-rc7
v5.8
v5.8-rc1
v5.8-rc2
v5.8-rc3
v5.8-rc4
v5.8-rc5
v5.8-rc6
v5.8-rc7
v5.9
v5.9-rc1
v5.9-rc2
v5.9-rc3
v5.9-rc4
v5.9-rc5
v5.9-rc6
v5.9-rc7
v5.9-rc8

Database specific 

{
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@499cc881b09c8283ab5e75b0d6d21cb427722161",
            "deprecated": false,
            "id": "CVE-2022-50015-17fab416",
            "signature_type": "Line",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "228707135974414318112886305748770075513",
                    "200633291612640945317241743484817813769",
                    "24157458261989000616271201263456402730",
                    "322814565519056489314137973181645004120",
                    "308780338395022831102229031428486668230",
                    "17044274914943393984884960684790016573",
                    "35366218169269543580019894812807888931",
                    "222406935588534764130187095571913945218",
                    "53181535587473898096930787551788954422",
                    "227473158894320232141070602194668844554",
                    "230793955698047625718733985241161374530",
                    "80484666666397357000609985419272464105",
                    "250400795507881620999003404154797197622",
                    "41892427192510897205959051184686122983",
                    "226722807649583915241259942721979854952",
                    "166310362870227205302618677348783667254",
                    "330114739962416317400976726097734429193",
                    "22261939249162230184806127579019366816"
                ]
            },
            "target": {
                "file": "sound/soc/sof/intel/hda-ipc.c"
            }
        },
        {
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@48945246cf802b9866f3a821103f1a7a196baf68",
            "deprecated": false,
            "id": "CVE-2022-50015-87cc0b50",
            "signature_type": "Line",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "228707135974414318112886305748770075513",
                    "200633291612640945317241743484817813769",
                    "24157458261989000616271201263456402730",
                    "322814565519056489314137973181645004120",
                    "308780338395022831102229031428486668230",
                    "17044274914943393984884960684790016573",
                    "35366218169269543580019894812807888931",
                    "222406935588534764130187095571913945218",
                    "53181535587473898096930787551788954422",
                    "227473158894320232141070602194668844554",
                    "230793955698047625718733985241161374530",
                    "80484666666397357000609985419272464105",
                    "250400795507881620999003404154797197622",
                    "41892427192510897205959051184686122983",
                    "226722807649583915241259942721979854952",
                    "166310362870227205302618677348783667254",
                    "330114739962416317400976726097734429193",
                    "22261939249162230184806127579019366816"
                ]
            },
            "target": {
                "file": "sound/soc/sof/intel/hda-ipc.c"
            }
        },
        {
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@48945246cf802b9866f3a821103f1a7a196baf68",
            "deprecated": false,
            "id": "CVE-2022-50015-a251c98a",
            "signature_type": "Function",
            "digest": {
                "length": 1209.0,
                "function_hash": "261175661039762985125678802009941616990"
            },
            "target": {
                "file": "sound/soc/sof/intel/hda-ipc.c",
                "function": "hda_dsp_ipc4_irq_thread"
            }
        },
        {
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@48945246cf802b9866f3a821103f1a7a196baf68",
            "deprecated": false,
            "id": "CVE-2022-50015-a8c28919",
            "signature_type": "Function",
            "digest": {
                "length": 1593.0,
                "function_hash": "130337810293160623859436696772330260291"
            },
            "target": {
                "file": "sound/soc/sof/intel/hda-ipc.c",
                "function": "hda_dsp_ipc_irq_thread"
            }
        },
        {
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@499cc881b09c8283ab5e75b0d6d21cb427722161",
            "deprecated": false,
            "id": "CVE-2022-50015-e9169723",
            "signature_type": "Function",
            "digest": {
                "length": 1593.0,
                "function_hash": "130337810293160623859436696772330260291"
            },
            "target": {
                "file": "sound/soc/sof/intel/hda-ipc.c",
                "function": "hda_dsp_ipc_irq_thread"
            }
        },
        {
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@499cc881b09c8283ab5e75b0d6d21cb427722161",
            "deprecated": false,
            "id": "CVE-2022-50015-ef9752d2",
            "signature_type": "Function",
            "digest": {
                "length": 1209.0,
                "function_hash": "261175661039762985125678802009941616990"
            },
            "target": {
                "file": "sound/soc/sof/intel/hda-ipc.c",
                "function": "hda_dsp_ipc4_irq_thread"
            }
        }
    ]
}

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.2.0
Fixed
5.19.4