CVE-2022-50115

7.8 HIGH

📋 TL;DR

This CVE describes a double-free memory corruption vulnerability in the Linux kernel's Sound Open Firmware (SOF) subsystem. When byte control sanity checks fail during audio topology loading, the system frees memory but doesn't null the pointer, allowing subsequent rollback code to free it again. This affects systems using SOF audio drivers with vulnerable kernel versions.
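The free-then-rollback pattern described above, modeled in userspace C as an added example (not code from the kernel or from this advisory). All names are hypothetical, and a one-slot tracking allocator counts the second free instead of executing it.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace model of the pattern; every name here is hypothetical. */
struct block { int live; unsigned char buf[64]; };
static struct block pool;        /* one-slot tracking allocator */
static int double_frees;         /* frees of an already-freed block */

static void *t_alloc(void) { pool.live = 1; return pool.buf; }

static void t_free(void *p)
{
    if (!p) return;                              /* NULL is a no-op, as with kfree() */
    if (!pool.live) { double_frees++; return; }  /* already freed: record it */
    pool.live = 0;
}

struct ctl { void *data; };

/* Load step: allocate, sanity-check the claimed size, free on failure. */
static int ctl_load(struct ctl *c, size_t claimed, int null_after_free)
{
    c->data = t_alloc();
    if (claimed > sizeof(pool.buf)) {
        t_free(c->data);
        if (null_after_free)
            c->data = NULL;      /* clear the stale pointer after the free */
        return -1;
    }
    return 0;
}

/* Rollback/teardown step: releases whatever the control still points to. */
static void ctl_rollback(struct ctl *c) { t_free(c->data); c->data = NULL; }

/* Runs one load + rollback cycle and returns the double frees observed. */
static int run_case(size_t claimed, int null_after_free)
{
    struct ctl c = { NULL };
    double_frees = 0;
    ctl_load(&c, claimed, null_after_free);
    ctl_rollback(&c);
    return double_frees;
}

int main(void)
{
    printf("unfixed=%d fixed=%d valid=%d\n", run_case(128, 0), run_case(128, 1), run_case(16, 0));
    return 0;
}
```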

💻 Affected Systems

Products:
  • Linux kernel with SOF (Sound Open Firmware) subsystem
Versions: Kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only vulnerable if SOF audio subsystem is enabled and in use. Many embedded systems and modern laptops use SOF for audio.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic leading to system crash, potential privilege escalation if attacker can control memory layout, or arbitrary code execution in kernel context.

🟠 Likely Case: System instability, crashes, or denial of service when processing malformed audio topology data.

🟢 If Mitigated: No impact if patched or if SOF audio subsystem is not in use.

🌐 Internet-Facing: LOW - Requires local access or ability to trigger audio subsystem operations.
🏢 Internal Only: MEDIUM - Local users or processes could potentially trigger the vulnerability through audio operations.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires triggering specific error conditions in audio topology loading, making reliable exploitation challenging.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits 8463986b54295e6b65ddf2b7c65627d01ce7643b, c2eddfcafcffaf1b9245ea0dde9143bbfb47d5d1, or d5bd47f3ca124058a8e87eae4508afeda2132611

Vendor Advisory: https://git.kernel.org/stable/c/8463986b54295e6b65ddf2b7c65627d01ce7643b

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution.
2. For custom kernels, apply the fix commits.
3. Reboot system after kernel update.

🔧 Temporary Workarounds

Disable SOF audio subsystem (Linux)

Prevents the vulnerable code from being loaded by disabling the SOF audio driver.

echo 'blacklist snd-sof-pci' > /etc/modprobe.d/disable-sof.conf
update-initramfs -u
reboot

🧯 If You Can't Patch

  • Restrict local user access to systems with vulnerable kernels
  • Monitor system logs for kernel panics or audio subsystem errors

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if SOF modules are loaded: uname -r && lsmod | grep -i sof

Check Version:

uname -r

Verify Fix Applied:

Verify that the kernel version is later than the fix commits and test that audio functionality still works.

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages
  • Audio subsystem errors in dmesg
  • System crashes during audio operations

Network Indicators:

  • None - local vulnerability only

SIEM Query:

search 'kernel: BUG:' OR 'kernel: general protection fault' OR 'sof' in system logs
