CVE-2022-50050

Advisory lineage Upstream: 0 Downstream: 10
Analyzed
Published: 18 Jun 2025, 11:01
Last modified: 11 May 2026, 19:11

Vulnerability Summary

  • Overall Risk (default): medium, 31/100
  • CVSS Score: 7.8 HIGH, v3.1 (nvd)
  • EPSS Score: 0.05% LOW, 0% probability +0.04%
  • KEV: Not listed
  • Ransomware: No reports
  • Public exploits: None found
  • Dark Web: Not detected

Timeline

  • 18 Jun 2025, 11:01: Published (vulnerability first disclosed)
  • 11 May 2026, 19:11: Last Modified (vulnerability information updated)

Description

In the Linux kernel, the following vulnerability has been resolved:

ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf()

snprintf() returns the would-be-filled size when the string overflows the given buffer size, hence using this value may result in the buffer overflow (although it's unrealistic).

This patch replaces it with a safer version, scnprintf(), for papering over such a potential issue.
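The return-value difference described above, as an added user-space example (not code from this advisory or from the kernel driver). `scnprintf_compat` is a hypothetical stand-in for the kernel's scnprintf(), and the 16-byte buffer, the register values and the accumulate-in-a-loop pattern are constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>

#define MSG_SIZE 16

/* User-space stand-in for the kernel's scnprintf(): returns the number of
 * characters actually stored (excluding the NUL), so always < size. */
static int scnprintf_compat(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (size == 0)
        return 0;
    va_start(ap, fmt);
    n = vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    if (n < 0)
        return 0;
    return (size_t)n >= size ? (int)(size - 1) : n;
}

/* Appends three values to a small buffer, advancing the write offset by the
 * formatter's return value. Returns the final offset; a result >= MSG_SIZE
 * means the next append would have been aimed outside the buffer. */
static size_t final_offset(int use_scnprintf)
{
    static const unsigned int vals[] = { 0x11111111, 0x22222222, 0x33333333 };
    char msg[MSG_SIZE];
    size_t len = 0;

    for (size_t i = 0; i < 3; i++) {
        if (len >= sizeof(msg))
            break; /* demo guard: sizeof(msg) - len would wrap around here */
        if (use_scnprintf)
            len += scnprintf_compat(msg + len, sizeof(msg) - len, " 0x%x", vals[i]);
        else
            len += snprintf(msg + len, sizeof(msg) - len, " 0x%x", vals[i]);
    }
    return len;
}

int main(void)
{
    printf("snprintf offset:  %zu (buffer is %d bytes)\n", final_offset(0), MSG_SIZE);
    printf("scnprintf offset: %zu\n", final_offset(1));
    return 0;
}
```

With snprintf() the offset ends past the end of the buffer after the second append, while the scnprintf()-style wrapper keeps it at the last valid index.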

CVSS Metrics

  • v3.1, HIGH, Score: 7.8, CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 0.05% Percentile: 16%

Techniques & Countermeasures

  • CWE-787: Out-of-bounds Write

    The product writes data past the end, or before the beginning, of the intended buffer.

Affected Systems

  • linux / linux

    ≥ 29c8e4398f02adacd429c7847dacc8aea5a0c2f1, < 6ee1310f4d148dbf04c4159b88afd0b941018903 | ≥ 29c8e4398f02adacd429c7847dacc8aea5a0c2f1, < f7915c5614a7ece117ec390f21a410531eac48de | ≥ 29c8e4398f02adacd429c7847dacc8aea5a0c2f1, < 94c1ceb043c1a002de9649bb630c8e8347645982 | 5.10

  • linux / linux_kernel

    ≥ 5.10, < 5.15.63 | ≥ 5.16, < 5.19.4 | 6.0:rc1
