CVE-2022-50115

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-50115

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50115.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-50115

Downstream

DEBIAN-CVE-2022-50115

RHSA-2022:7683

RHSA-2022:8267

SUSE-SU-2025:02264-1

UBUNTU-CVE-2022-50115

Related

SUSE-SU-2025:02264-1

Published

2025-06-18T11:15:41Z

Modified

2025-08-09T20:01:27Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

ASoC: SOF: ipc3-topology: Prevent double freeing of ipccontroldata via load_bytes

We have sanity checks for byte controls and if any of the fail the locally allocated scontrol->ipccontroldata is freed up, but not set to NULL.

On a rollback path of the error the higher level code will also try to free the scontrol->ipccontroldata which will eventually going to lead to memory corruption as double freeing memory is not a good thing.

References

Affected packages