CVE-2022-50144

5.5 MEDIUM

📋 TL;DR

This CVE describes a NULL pointer dereference vulnerability in the Linux kernel's SoundWire subsystem that can cause kernel oopses (crashes) when unbinding codec drivers. The vulnerability occurs due to improper handling of driver callbacks during bind/unbind operations, leading to use-after-free scenarios. This affects Linux systems with SoundWire hardware support, particularly those using Intel audio codecs.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected kernel versions not explicitly stated, but patches are available in stable kernel trees
Operating Systems: Linux distributions with vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires SoundWire hardware support and specific driver unbinding sequences to trigger. More likely on systems with Intel audio hardware using SoundWire codecs like snd_soc_rt711.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Kernel panic leading to system crash and denial of service, potentially causing data loss or system instability.

🟠 Likely Case

System crash or instability when specific driver unbinding sequences occur, requiring reboot to restore functionality.

🟢 If Mitigated

No impact if patched or if vulnerable driver sequences are avoided.

🌐 Internet-Facing: LOW - Requires local access to trigger driver unbinding sequences.
🏢 Internal Only: MEDIUM - Local users or processes with sufficient privileges could trigger the vulnerability, potentially causing system-wide disruption.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and specific driver manipulation sequences. Not easily weaponized for privilege escalation, primarily a denial of service vector.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches available in stable kernel trees via commits: 250b46505175889c6b5958c3829f610f52199f5f, 432b30f08ca3303d2ebb22352cb04c4b6cfefe65, 8fd6b03646b9a9e16d1ec19bd724cd6bd78e0ea5, bd29c00edd0a5dac8b6e7332bb470cd50f92e893

Vendor Advisory: https://git.kernel.org/stable/c/250b46505175889c6b5958c3829f610f52199f5f

Restart Required: Yes

Instructions:

1. Update to a patched kernel version from your distribution's repositories.
2. For custom kernels, apply the relevant patches from the stable kernel tree.
3. Reboot the system to load the new kernel.

🔧 Temporary Workarounds

Avoid driver unbinding sequences

linux

Prevent the specific driver removal sequences that trigger the vulnerability

Avoid running: /sbin/modprobe -r snd_soc_sof_sdw
Avoid running: /sbin/modprobe -r snd_soc_rt711

🧯 If You Can't Patch

  • Restrict local access to prevent users from executing driver manipulation commands
  • Implement monitoring for driver removal operations and alert on suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check kernel version and whether SoundWire modules are loaded: lsmod | grep -E 'soundwire|snd_soc'

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated and check dmesg for absence of SoundWire-related crashes after patch application

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages in dmesg/system logs containing 'soundwire' or 'NULL pointer dereference'
  • Workqueue errors related to soundwire_cadence or soundwire_bus

Network Indicators:

  • None - this is a local kernel vulnerability

SIEM Query:

source="kernel" AND ("soundwire" OR "NULL pointer" OR "kernel oops")
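
Added example (not part of the original advisory or of the kernel project's code): a Python check for the log indicators above that groups each kernel oops report and flags it only when a SoundWire module named on this page appears in its Workqueue, RIP or call-trace lines, so unrelated NULL pointer oopses are not matched. The sample log, its symbol names and the function name find_soundwire_oopses are constructed for illustration.

```python
import re

# Constructed kernel log excerpt for illustration (not from a real system).
SAMPLE_LOG = """\
[  101.000001] BUG: kernel NULL pointer dereference, address: 0000000000000150
[  101.000002] Workqueue: events cdns_update_slave_status_work [soundwire_cadence]
[  101.000003] RIP: 0010:mutex_lock+0x19/0x30
[  101.000004] Call Trace:
[  101.000005]  sdw_handle_slave_status+0x426/0xe00 [soundwire_bus]
[  101.000006] ---[ end trace 0000000000000000 ]---
[  230.000001] soundwire sdw-master-0: constructed informational message
[  400.000001] BUG: kernel NULL pointer dereference, address: 0000000000000008
[  400.000002] Workqueue: events example_work_fn [example_mod]
[  400.000003] RIP: 0010:example_fn+0x10/0x40 [example_mod]
[  400.000004] ---[ end trace 0000000000000000 ]---
"""

OOPS_START = re.compile(r"BUG: kernel NULL pointer dereference|Oops:")
OOPS_END = re.compile(r"---\[ end trace")
TIMESTAMP = re.compile(r"^\[\s*\d+\.\d+\]\s?")
# Module tags as they appear in Workqueue/RIP/call-trace lines, e.g. "[soundwire_bus]".
# The module names are the ones this page mentions.
SDW_MODULE = re.compile(r"\[(soundwire_\w+|snd_soc_rt711|snd_soc_sof_sdw)\b")


def find_soundwire_oopses(log_text):
    """Return one dict per oops report that implicates a SoundWire module."""
    reports, current = [], None
    for raw in log_text.splitlines():
        line = TIMESTAMP.sub("", raw)
        if current is None:
            if OOPS_START.search(line):
                current = [line]          # a new oops report begins
            continue                      # lines outside a report are ignored
        current.append(line)
        if OOPS_END.search(line):
            reports.append(current)       # report complete
            current = None
    if current:
        reports.append(current)           # log was cut off mid-report
    hits = []
    for report in reports:
        modules = sorted({m.group(1) for l in report for m in SDW_MODULE.finditer(l)})
        if modules:
            hits.append({"headline": report[0], "modules": modules})
    return hits


if __name__ == "__main__":
    for hit in find_soundwire_oopses(SAMPLE_LOG):
        print(hit["headline"], "->", ", ".join(hit["modules"]))
```

Feed it the text of dmesg or the kernel journal; a non-empty result on a host where the SoundWire modules are loaded is the signal to check whether the patched kernel is running.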
