ghsa-gvgm-6pph-fj6g
Vulnerability from github
Published
2025-06-18 12:30
Modified
2025-06-18 12:30
Details

In the Linux kernel, the following vulnerability has been resolved:

usb: cdns3: fix random warning message when driver load

Warning log: [ 4.141392] Unexpected gfp: 0x4 (GFP_DMA32). Fixing up to gfp: 0xa20 (GFP_ATOMIC). Fix your code! [ 4.150340] CPU: 1 PID: 175 Comm: 1-0050 Not tainted 5.15.5-00039-g2fd9ae1b568c #20 [ 4.158010] Hardware name: Freescale i.MX8QXP MEK (DT) [ 4.163155] Call trace: [ 4.165600] dump_backtrace+0x0/0x1b0 [ 4.169286] show_stack+0x18/0x68 [ 4.172611] dump_stack_lvl+0x68/0x84 [ 4.176286] dump_stack+0x18/0x34 [ 4.179613] kmalloc_fix_flags+0x60/0x88 [ 4.183550] new_slab+0x334/0x370 [ 4.186878] slaballoc.part.108+0x4d4/0x748 [ 4.191419] slab_alloc.isra.109+0x30/0x78 [ 4.195702] kmem_cache_alloc+0x40c/0x420 [ 4.199725] dma_pool_alloc+0xac/0x1f8 [ 4.203486] cdns3_allocate_trb_pool+0xb4/0xd0

pool_alloc_page(struct dma_pool pool, gfp_t mem_flags) { ... page = kmalloc(sizeof(page), mem_flags); page->vaddr = dma_alloc_coherent(pool->dev, pool->allocation, &page->dma, mem_flags); ... }

kmalloc was called with mem_flags, which is passed down in cdns3_allocate_trb_pool() and have GFP_DMA32 flags. kmall_fix_flags() report warning.

GFP_DMA32 is not useful at all. dma_alloc_coherent() will handle DMA memory region correctly by pool->dev. GFP_DMA32 can be removed safely.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2022-50151"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-18T11:15:45Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdns3: fix random warning message when driver load\n\nWarning log:\n[    4.141392] Unexpected gfp: 0x4 (GFP_DMA32). Fixing up to gfp: 0xa20 (GFP_ATOMIC). Fix your code!\n[    4.150340] CPU: 1 PID: 175 Comm: 1-0050 Not tainted 5.15.5-00039-g2fd9ae1b568c #20\n[    4.158010] Hardware name: Freescale i.MX8QXP MEK (DT)\n[    4.163155] Call trace:\n[    4.165600]  dump_backtrace+0x0/0x1b0\n[    4.169286]  show_stack+0x18/0x68\n[    4.172611]  dump_stack_lvl+0x68/0x84\n[    4.176286]  dump_stack+0x18/0x34\n[    4.179613]  kmalloc_fix_flags+0x60/0x88\n[    4.183550]  new_slab+0x334/0x370\n[    4.186878]  ___slab_alloc.part.108+0x4d4/0x748\n[    4.191419]  __slab_alloc.isra.109+0x30/0x78\n[    4.195702]  kmem_cache_alloc+0x40c/0x420\n[    4.199725]  dma_pool_alloc+0xac/0x1f8\n[    4.203486]  cdns3_allocate_trb_pool+0xb4/0xd0\n\npool_alloc_page(struct dma_pool *pool, gfp_t mem_flags)\n{\n\t...\n\tpage = kmalloc(sizeof(*page), mem_flags);\n\tpage-\u003evaddr = dma_alloc_coherent(pool-\u003edev, pool-\u003eallocation,\n\t\t\t\t\t \u0026page-\u003edma, mem_flags);\n\t...\n}\n\nkmalloc was called with mem_flags, which is passed down in\ncdns3_allocate_trb_pool() and have GFP_DMA32 flags.\nkmall_fix_flags() report warning.\n\nGFP_DMA32 is not useful at all. dma_alloc_coherent() will handle\nDMA memory region correctly by pool-\u003edev. GFP_DMA32 can be removed\nsafely.",
  "id": "GHSA-gvgm-6pph-fj6g",
  "modified": "2025-06-18T12:30:50Z",
  "published": "2025-06-18T12:30:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50151"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8659ab3d936fcf0084676f98b75b317017aa8f82"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8e142744f0e96abc69ccd99e6d6c7eb662267f21"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/960a8a35a6027a08c4b511435bf59609b5d5e5cd"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.