fkie_cve-2022-50015
Vulnerability from fkie_nvd
Published
2025-06-18 11:15
Modified
2025-06-18 13:46
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda-ipc: Do not process IPC reply before firmware boot It is not yet clear, but it is possible to create a firmware so broken that it will send a reply message before a FW_READY message (it is not yet clear if FW_READY will arrive later). Since the reply_data is allocated only after the FW_READY message, this will lead to a NULL pointer dereference if not filtered out. The issue was reported with IPC4 firmware but the same condition is present for IPC3.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/48945246cf802b9866f3a821103f1a7a196baf68
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/499cc881b09c8283ab5e75b0d6d21cb427722161
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: Intel: hda-ipc: Do not process IPC reply before firmware boot\n\nIt is not yet clear, but it is possible to create a firmware so broken\nthat it will send a reply message before a FW_READY message (it is not\nyet clear if FW_READY will arrive later).\nSince the reply_data is allocated only after the FW_READY message, this\nwill lead to a NULL pointer dereference if not filtered out.\n\nThe issue was reported with IPC4 firmware but the same condition is present\nfor IPC3."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: SOF: Intel: hda-ipc: No procesar la respuesta de IPC antes del arranque del firmware. A\u00fan no est\u00e1 claro, pero es posible crear un firmware tan defectuoso que env\u00ede un mensaje de respuesta antes de un mensaje FW_READY (a\u00fan no se sabe si FW_READY llegar\u00e1 despu\u00e9s). Dado que los datos de respuesta se asignan solo despu\u00e9s del mensaje FW_READY, esto provocar\u00e1 una desreferencia de puntero nulo si no se filtra. El problema se report\u00f3 con el firmware IPC4, pero la misma condici\u00f3n se presenta para IPC3."
    }
  ],
  "id": "CVE-2022-50015",
  "lastModified": "2025-06-18T13:46:52.973",
  "metrics": {},
  "published": "2025-06-18T11:15:29.593",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/48945246cf802b9866f3a821103f1a7a196baf68"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/499cc881b09c8283ab5e75b0d6d21cb427722161"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.