fkie_cve-2022-49320
Vulnerability from fkie_nvd
Published
2025-02-26 07:01
Modified
2025-02-26 07:01
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type In zynqmp_dma_alloc/free_chan_resources functions there is a potential overflow in the below expressions. dma_alloc_coherent(chan->dev, (2 * chan->desc_size * ZYNQMP_DMA_NUM_DESCS), &chan->desc_pool_p, GFP_KERNEL); dma_free_coherent(chan->dev,(2 * ZYNQMP_DMA_DESC_SIZE(chan) * ZYNQMP_DMA_NUM_DESCS), chan->desc_pool_v, chan->desc_pool_p); The arguments desc_size and ZYNQMP_DMA_NUM_DESCS were 32 bit. Though this overflow condition is not observed but it is a potential problem in the case of 32-bit multiplication. Hence fix it by changing the desc_size data type to size_t. In addition to coverity fix it also reuse ZYNQMP_DMA_DESC_SIZE macro in dma_alloc_coherent API argument. Addresses-Coverity: Event overflow_before_widen.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/4838969e4d95d2bd2995d1605b20d3144fcb3e74
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/7b5488f4721fed6e121e661e165bab06ae2f8675
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/83960276ffc9bf5570d4106490346b61e61be5f3
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/90aefae2e3a770a6909d339f5d8a988c0b0ceaf0
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/95a0ba85c1b51b36e909841c02d205cd223ab753
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/f9a9f43a62a04ec3183fb0da9226c7706eed0115
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type\n\nIn zynqmp_dma_alloc/free_chan_resources functions there is a\npotential overflow in the below expressions.\n\ndma_alloc_coherent(chan-\u003edev, (2 * chan-\u003edesc_size *\n\t\t   ZYNQMP_DMA_NUM_DESCS),\n\t\t   \u0026chan-\u003edesc_pool_p, GFP_KERNEL);\n\ndma_free_coherent(chan-\u003edev,(2 * ZYNQMP_DMA_DESC_SIZE(chan) *\n                 ZYNQMP_DMA_NUM_DESCS),\n                chan-\u003edesc_pool_v, chan-\u003edesc_pool_p);\n\nThe arguments desc_size and ZYNQMP_DMA_NUM_DESCS were 32 bit. Though\nthis overflow condition is not observed but it is a potential problem\nin the case of 32-bit multiplication. Hence fix it by changing the\ndesc_size data type to size_t.\n\nIn addition to coverity fix it also reuse ZYNQMP_DMA_DESC_SIZE macro in\ndma_alloc_coherent API argument.\n\nAddresses-Coverity: Event overflow_before_widen."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dmaengine: zynqmp_dma: En el tipo de datos fix desc_size de struct zynqmp_dma_chan En las funciones zynqmp_dma_alloc/free_chan_resources hay un desbordamiento potencial en las siguientes expresiones. dma_alloc_coherent(chan-\u0026gt;dev, (2 * chan-\u0026gt;desc_size * ZYNQMP_DMA_NUM_DESCS), \u0026amp;chan-\u0026gt;desc_pool_p, GFP_KERNEL); dma_free_coherent(chan-\u0026gt;dev,(2 * ZYNQMP_DMA_DESC_SIZE(chan) * ZYNQMP_DMA_NUM_DESCS), chan-\u0026gt;desc_pool_v, chan-\u0026gt;desc_pool_p); Los argumentos desc_size y ZYNQMP_DMA_NUM_DESCS eran de 32 bits. Aunque esta condici\u00f3n de desbordamiento no se observa, es un problema potencial en el caso de la multiplicaci\u00f3n de 32 bits. Por lo tanto, corr\u00edjala cambiando el tipo de datos desc_size a size_t. Adem\u00e1s de corregir la cobertura, tambi\u00e9n reutilice la macro ZYNQMP_DMA_DESC_SIZE en el argumento de API dma_alloc_coherent. Direcciones: cobertura: evento overflow_before_widen."
    }
  ],
  "id": "CVE-2022-49320",
  "lastModified": "2025-02-26T07:01:08.840",
  "metrics": {},
  "published": "2025-02-26T07:01:08.840",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/4838969e4d95d2bd2995d1605b20d3144fcb3e74"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/7b5488f4721fed6e121e661e165bab06ae2f8675"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/83960276ffc9bf5570d4106490346b61e61be5f3"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/90aefae2e3a770a6909d339f5d8a988c0b0ceaf0"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/95a0ba85c1b51b36e909841c02d205cd223ab753"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/f9a9f43a62a04ec3183fb0da9226c7706eed0115"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.