{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-11T01:35:19.315","vulnerabilities":[{"cve":{"id":"CVE-2022-50015","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-06-18T11:15:29.593","lastModified":"2025-11-14T17:06:49.390","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: Intel: hda-ipc: Do not process IPC reply before firmware boot\n\nIt is not yet clear, but it is possible to create a firmware so broken\nthat it will send a reply message before a FW_READY message (it is not\nyet clear if FW_READY will arrive later).\nSince the reply_data is allocated only after the FW_READY message, this\nwill lead to a NULL pointer dereference if not filtered out.\n\nThe issue was reported with IPC4 firmware but the same condition is present\nfor IPC3."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: SOF: Intel: hda-ipc: No procesar la respuesta de IPC antes del arranque del firmware. Aún no está claro, pero es posible crear un firmware tan defectuoso que envíe un mensaje de respuesta antes de un mensaje FW_READY (aún no se sabe si FW_READY llegará después). Dado que los datos de respuesta se asignan solo después del mensaje FW_READY, esto provocará una desreferencia de puntero nulo si no se filtra. El problema se reportó con el firmware IPC4, pero la misma condición se presenta para IPC3."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.2","versionEndExcluding":"5.19.4","matchCriteriaId":"D135D164-F55B-4ED6-AC4A-9084482BFA6E"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/48945246cf802b9866f3a821103f1a7a196baf68","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/499cc881b09c8283ab5e75b0d6d21cb427722161","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}