CVE-2022-49320

Medium · CVSS 3.1: 5.5 · EPSS 15.9%
Published Feb 26, 2025
Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type

In zynqmp_dma_alloc/free_chan_resources functions there is a potential overflow in the below expressions.

    dma_alloc_coherent(chan->dev, (2 * chan->desc_size * ZYNQMP_DMA_NUM_DESCS),
                       &chan->desc_pool_p, GFP_KERNEL);

    dma_free_coherent(chan->dev, (2 * ZYNQMP_DMA_DESC_SIZE(chan) * ZYNQMP_DMA_NUM_DESCS),
                      chan->desc_pool_v, chan->desc_pool_p);

The arguments desc_size and ZYNQMP_DMA_NUM_DESCS were 32 bit. Though this overflow condition is not observed, it is a potential problem in the case of 32-bit multiplication. Hence fix it by changing the desc_size data type to size_t.

In addition to the Coverity fix, it also reuses the ZYNQMP_DMA_DESC_SIZE macro in the dma_alloc_coherent API argument.

Addresses-Coverity: Event overflow_before_widen.
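The overflow_before_widen pattern named in the description, as an added user-space example (not code from the kernel patch or this record). The function names, the NUM_DESCS value and the sample sizes are constructed for illustration, and the printed size_t results assume a platform with 64-bit size_t.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed stand-in for ZYNQMP_DMA_NUM_DESCS; the value is illustrative. */
#define NUM_DESCS 32u

/* Pre-fix shape: desc_size is 32-bit, so 2 * desc_size * NUM_DESCS is
 * evaluated in 32 bits and wraps before it is widened to size_t. */
static size_t pool_bytes_u32(uint32_t desc_size)
{
    return 2 * desc_size * NUM_DESCS;
}

/* Post-fix shape: desc_size is size_t, so the product is computed at
 * size_t width from the start. */
static size_t pool_bytes_sizet(size_t desc_size)
{
    return 2 * desc_size * NUM_DESCS;
}

/* Extra hardening, not part of the fix described above: reject a product
 * that does not fit in size_t (GCC/Clang builtin). Returns 0 or -1. */
static int pool_bytes_checked(size_t desc_size, size_t *out)
{
    size_t doubled;

    if (__builtin_mul_overflow(desc_size, (size_t)2, &doubled) ||
        __builtin_mul_overflow(doubled, (size_t)NUM_DESCS, out))
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sizes: one ordinary, one chosen to wrap in 32 bits. */
    const uint32_t sizes[] = { 64u, 0x04000001u };
    size_t checked = 0;

    for (size_t i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++)
        printf("desc_size=%#x  u32 math=%zu  size_t math=%zu\n",
               (unsigned)sizes[i], pool_bytes_u32(sizes[i]),
               pool_bytes_sizet(sizes[i]));

    printf("checked(SIZE_MAX/2) -> %d\n",
           pool_bytes_checked(SIZE_MAX / 2, &checked));
    return 0;
}
```

With the second sample size the 32-bit product wraps to a small value while the size_t product does not, which is the mismatch between requested and intended pool size that the data type change removes.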

CVSS Details

Base Score 5.5
Exploitability 1.8
Impact 3.6
Vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
15.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-190 Integer Overflow or Wraparound Numeric Error

Affected Products 5

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥4.8 – <5.4.198
linux   linux_kernel  *        ≥5.5 – <5.10.122
linux   linux_kernel  *        ≥5.11 – <5.15.47
linux   linux_kernel  *        ≥5.16 – <5.17.15
linux   linux_kernel  *        ≥5.18 – <5.18.4

References 6

  • git.kernel.org https://git.kernel.org/stable/c/4838969e4d95d2bd2995d1605b20d3144fcb3e74
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7b5488f4721fed6e121e661e165bab06ae2f8675
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/83960276ffc9bf5570d4106490346b61e61be5f3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/90aefae2e3a770a6909d339f5d8a988c0b0ceaf0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/95a0ba85c1b51b36e909841c02d205cd223ab753
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f9a9f43a62a04ec3183fb0da9226c7706eed0115
    Patch
