CVE-2022-50015 Information
Jun 19, 2025
cve
Description
In the Linux kernel the following vulnerability has been resolved:
ASoC: SOF: Intel: hda-ipc: Do not process IPC reply before firmware boot
It is not yet clear but it is possible to create a firmware so broken that it will send a reply message before a FW_READY message (it is not yet clear if FW_READY will arrive later). Since the reply_data is allocated only after the FW_READY message this will lead to a NULL pointer dereference if not filtered out.
The issue was reported with IPC4 firmware but the same condition is present for IPC3.
Reference
https://git.kernel.org/stable/c/48945246cf802b9866f3a821103f1a7a196baf68 https://git.kernel.org/stable/c/499cc881b09c8283ab5e75b0d6d21cb427722161
Related CNNVD
CNNVD-202506-2296 (Published: 2025-06-18)
Share on: