Get tailored security recommendations from our analyst team for CVE-2022-50016. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

In the Linux kernel, the following vulnerability has been resolved:

ASoC: SOF: Intel: cnl: Do not process IPC reply before firmware boot

It is not yet clear, but it is possible to create a firmware so broken
that it will send a reply message before a FW_READY message (it is not
yet clear if FW_READY will arrive later).
Since the reply_data is allocated only after the FW_READY message, this
will lead to a NULL pointer dereference if not filtered out.

The issue was reported with IPC4 firmware but the same condition is present
for IPC3.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Linux

Affected Versions:

273020522ef62361c5d86eebe45a72418ed8dea4 273020522ef62361c5d86eebe45a72418ed8dea4

Linux

Affected Versions:

5.2 0 5.19.4 6.0

References

https://git.kernel.org/stable/c/230f646085d17a008b609eb8fe8befb8811868f0

https://git.kernel.org/stable/c/acacd9eefd0def5a83244d88e5483b5f38ee7287

Published: 2025-06-18T11:01:20.427Z

Last Modified: 2025-06-19T13:10:48.324Z

Copied to clipboard!

CVE-2022-50016

Expert Analysis

Description

Available Exploits

Related News

Affected Products

Linux

Affected Versions:

Linux

Affected Versions:

References

Request Analysis

What to expect

Request Received!