| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025122417-CVE-2022-50721-9683@gregkh> Date: Wed, 24 Dec 2025 13:26:20 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50721: dmaengine: qcom-adm: fix wrong calling convention for prep_slave_sg From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom-adm: fix wrong calling convention for prep_slave_sg The calling convention for pre_slave_sg is to return NULL on error and provide an error log to the system. Qcom-adm instead provide error pointer when an error occur. This indirectly cause kernel panic for example for the nandc driver that checks only if the pointer returned by device_prep_slave_sg is not NULL. Returning an error pointer makes nandc think the device_prep_slave_sg function correctly completed and makes the kernel panics later in the code. While nandc is the one that makes the kernel crash, it was pointed out that the real problem is qcom-adm not following calling convention for that function. To fix this, drop returning error pointer and return NULL with an error log. The Linux kernel CVE team has assigned CVE-2022-50721 to this issue. Affected and fixed versions =========================== Issue introduced in 5.11 with commit 5c9f8c2dbdbe53818bcde6aa6695e1331e5f841f and fixed in 5.19.17 with commit 5653bd0200944e5803fa8e32dc36aa49931312f9 Issue introduced in 5.11 with commit 5c9f8c2dbdbe53818bcde6aa6695e1331e5f841f and fixed in 6.0.3 with commit 9a041174c58a226e713f6cebd41eccec7a5cfa72 Issue introduced in 5.11 with commit 5c9f8c2dbdbe53818bcde6aa6695e1331e5f841f and fixed in 6.1 with commit b9d2140c3badf4107973ad77c5a0ec3075705c85 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50721 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/dma/qcom/qcom_adm.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/5653bd0200944e5803fa8e32dc36aa49931312f9 https://git.kernel.org/stable/c/9a041174c58a226e713f6cebd41eccec7a5cfa72 https://git.kernel.org/stable/c/b9d2140c3badf4107973ad77c5a0ec3075705c85
Powered by blists - more mailing lists