| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025100756-CVE-2022-50541-e1fe@gregkh> Date: Tue, 7 Oct 2025 17:20:59 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50541: dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow UDMA_CHAN_RT_*BCNT_REG stores the real-time channel bytecount statistics. These registers are 32-bit hardware counters and the driver uses these counters to monitor the operational progress status for a channel, when transferring more than 4GB of data it was observed that these counters overflow and completion calculation of a operation gets affected and the transfer hangs indefinitely. This commit adds changes to decrease the byte count for every complete transaction so that these registers never overflow and the proper byte count statistics is maintained for ongoing transaction by the RT counters. Earlier uc->bcnt used to maintain a count of the completed bytes at driver side, since the RT counters maintain the statistics of current transaction now, the maintenance of uc->bcnt is not necessary. The Linux kernel CVE team has assigned CVE-2022-50541 to this issue. Affected and fixed versions =========================== Fixed in 5.15.75 with commit d68da10b0cceb4177b653833e794b2923a4ffbd7 Fixed in 5.19.17 with commit e0b16bfbd3a4a8d09614046335f4482313e7c0c4 Fixed in 6.0.3 with commit a065657643a62a24b4435ddcaea45f1e9378749e Fixed in 6.1 with commit 7c94dcfa8fcff2dba53915f1dabfee49a3df8b88 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50541 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/dma/ti/k3-udma.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/d68da10b0cceb4177b653833e794b2923a4ffbd7 https://git.kernel.org/stable/c/e0b16bfbd3a4a8d09614046335f4482313e7c0c4 https://git.kernel.org/stable/c/a065657643a62a24b4435ddcaea45f1e9378749e https://git.kernel.org/stable/c/7c94dcfa8fcff2dba53915f1dabfee49a3df8b88
Powered by blists - more mailing lists