Buffer Overflow Vulnerability in Intel's Linux Kernel Audio Subsystem
CVE-2022-50325

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 15 September 2025

What is CVE-2022-50325?

A buffer overflow vulnerability was identified in the Audio Stream Control (ASoC) module of Intel's Linux kernel. When processing audio configuration requests, specifically for the LARGE_CONFIG_GET event, the code could incorrectly handle a scenario where the firmware returns an invalid size. As a result, the function memcpy_fromio() could attempt to copy more data than the allocated buffer can hold, leading to potential memory corruption. This issue has been mitigated by implementing safeguards that ensure only the minimum required number of bytes is copied, thus preventing the overflow.
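The copy pattern described above, as an added userspace example (not the kernel driver's code): the struct, function names and sizes are hypothetical, and plain memcpy() stands in for memcpy_fromio(). It shows the unchecked copy beside the clamped one and checks that a canary placed after the destination buffer survives an oversized firmware reply.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MBOX_SIZE 64 /* constructed size of the simulated mailbox window */

/* Hypothetical firmware reply; mbox stands in for the MMIO region. */
struct fw_reply {
    uint32_t rx_size;        /* payload length claimed by firmware (untrusted) */
    uint8_t mbox[MBOX_SIZE]; /* payload bytes */
};

/* Unpatched pattern: trusts rx_size, so a value larger than the
 * caller's buffer writes past its end. Shown for contrast, never called. */
size_t copy_reply_unchecked(uint8_t *buf, const struct fw_reply *r)
{
    memcpy(buf, r->mbox, r->rx_size);
    return r->rx_size;
}

/* Hardened pattern: copy the minimum of the claimed size, the
 * destination size and the size of the source window. */
size_t copy_reply_clamped(uint8_t *buf, size_t buf_len, const struct fw_reply *r)
{
    size_t n = r->rx_size;
    if (n > buf_len)
        n = buf_len;
    if (n > MBOX_SIZE)
        n = MBOX_SIZE;
    memcpy(buf, r->mbox, n);
    return n;
}

/* Constructed case: firmware claims 48 bytes, caller allocated 16.
 * Returns 1 if exactly 16 bytes were copied and the canary is intact. */
int demo_canary_intact(void)
{
    struct { uint8_t buf[16]; uint8_t canary[8]; } s;
    struct fw_reply r = { .rx_size = 48 };
    memset(r.mbox, 0xAA, sizeof(r.mbox));
    memset(s.canary, 0x5C, sizeof(s.canary));
    size_t n = copy_reply_clamped(s.buf, sizeof(s.buf), &r);
    for (size_t i = 0; i < sizeof(s.canary); i++)
        if (s.canary[i] != 0x5C)
            return 0;
    return n == sizeof(s.buf);
}

int main(void) { printf("canary intact: %d\n", demo_canary_intact()); return 0; }
```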

Affected Version(s)

Linux f14a1c5a9f830025dc8638303ddefd5f731ae4bc

Linux f14a1c5a9f830025dc8638303ddefd5f731ae4bc < 0bad12fee5ae16ab439d97c66c4238f5f4cc7f68

Linux f14a1c5a9f830025dc8638303ddefd5f731ae4bc < 23ae34e033b2c0e5e88237af82b163b296fd6aa9
