CVE-2022-50015
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
ASoC: SOF: Intel: hda-ipc: Do not process IPC reply before firmware boot
It is not yet clear, but it is possible to create a firmware so broken that it will send a reply message before a FW_READY message (it is not yet clear if FW_READY will arrive later). Since the reply_data is allocated only after the FW_READY message, this will lead to a NULL pointer dereference if not filtered out.
The issue was reported with IPC4 firmware but the same condition is present for IPC3.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 6e9cde974863dc9d9c6cdb178f625e410c5be3d0 < 48945246cf802b9866f3a821103f1a7a196baf68 | affected |
| Linux | Linux | 6e9cde974863dc9d9c6cdb178f625e410c5be3d0 < 499cc881b09c8283ab5e75b0d6d21cb427722161 | affected |
| Linux | Linux | 5.2 | affected |
| Linux | Linux | 0 < 5.2 | unaffected |
| Linux | Linux | 5.19.4 <= 5.19.* | unaffected |
| Linux | Linux | 6.0 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/48945246cf802b9866f3a821103f1a7a196baf68
- https://git.kernel.org/stable/c/499cc881b09c8283ab5e75b0d6d21cb427722161
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.