ASoC: SOF: Intel: hda-ipc: Do not process IPC reply before firmware boot — CVE-2022-50015

Summary

Advisory CVE-2022-50015. ASoC: SOF: Intel: hda-ipc: Do not process IPC reply before firmware boot Vendor: Microsoft. Source: MSRC. Threat: medium. CVSS 6.6. See the official advisory for details.

What to do

General, cautious steps (verify details in the official source):

• Review exposure and plan remediation based on risk and environment.
• Identify affected product versions in your inventory and verify whether you are impacted.
• Apply vendor patches/updates or recommended mitigations as soon as available.
• Read the official advisory for exact affected versions and remediation steps.

Official advisory

Read the official source

Related advisories

• ARM: dts: qcom: replace gcc PXO with pxo_board fixed clock CVE-2022-50195
• arm64: set UXN on swapper page tables CVE-2022-50232
• arm64: set UXN on swapper page tables CVE-2022-50230
• ASoC: sma1307: Add NULL check in sma1307_setting_loaded() CVE-2025-38070
• ASoC: SOF: Intel: cnl: Do not process IPC reply before firmware boot CVE-2022-50016
• block: fix race between set_blocksize and read paths CVE-2025-38073
• Bluetooth: When HCI work queue is drained, only queue chained work CVE-2022-50166
• bpf: Do mark_chain_precision for ARG_CONST_ALLOC_SIZE_OR_ZERO CVE-2022-49961
• bpf: Fix a data-race around bpf_jit_limit. CVE-2022-49967
• bpf: fix potential 32-bit overflow when accessing ARRAY map element CVE-2022-50167
• btrfs: avoid NULL pointer dereference if no valid csum tree CVE-2025-38059
• btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref CVE-2025-38034