CVE-2022-50016

Summary

In the Linux kernel, the following vulnerability has been resolved:

ASoC: SOF: Intel: cnl: Do not process IPC reply before firmware boot

It is not yet clear, but it is possible to create a firmware so broken that it will send a reply message before a FW_READY message (it is not yet clear if FW_READY will arrive later). Since the reply_data is allocated only after the FW_READY message, this will lead to a NULL pointer dereference if not filtered out.

The issue was reported with IPC4 firmware but the same condition is present for IPC3.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux273020522ef62361c5d86eebe45a72418ed8dea4 < 230f646085d17a008b609eb8fe8befb8811868f0affected
LinuxLinux273020522ef62361c5d86eebe45a72418ed8dea4 < acacd9eefd0def5a83244d88e5483b5f38ee7287affected
LinuxLinux5.2affected
LinuxLinux0 < 5.2unaffected
LinuxLinux5.19.4 <= 5.19.*unaffected
LinuxLinux6.0 <= *unaffected

Weaknesses

References