{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-49320", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-02-26T02:08:31.537Z", "datePublished": "2025-02-26T02:10:45.703Z", "dateUpdated": "2025-05-04T08:35:08.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T08:35:08.000Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type\n\nIn zynqmp_dma_alloc/free_chan_resources functions there is a\npotential overflow in the below expressions.\n\ndma_alloc_coherent(chan->dev, (2 * chan->desc_size *\n\t\t ZYNQMP_DMA_NUM_DESCS),\n\t\t &chan->desc_pool_p, GFP_KERNEL);\n\ndma_free_coherent(chan->dev,(2 * ZYNQMP_DMA_DESC_SIZE(chan) *\n ZYNQMP_DMA_NUM_DESCS),\n chan->desc_pool_v, chan->desc_pool_p);\n\nThe arguments desc_size and ZYNQMP_DMA_NUM_DESCS were 32 bit. Though\nthis overflow condition is not observed but it is a potential problem\nin the case of 32-bit multiplication. Hence fix it by changing the\ndesc_size data type to size_t.\n\nIn addition to coverity fix it also reuse ZYNQMP_DMA_DESC_SIZE macro in\ndma_alloc_coherent API argument.\n\nAddresses-Coverity: Event overflow_before_widen."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/dma/xilinx/zynqmp_dma.c"], "versions": [{"version": "b0cc417c1637192be658e68a74c8d1568e3d35f6", "lessThan": "83960276ffc9bf5570d4106490346b61e61be5f3", "status": "affected", "versionType": "git"}, {"version": "b0cc417c1637192be658e68a74c8d1568e3d35f6", "lessThan": "95a0ba85c1b51b36e909841c02d205cd223ab753", "status": "affected", "versionType": "git"}, {"version": "b0cc417c1637192be658e68a74c8d1568e3d35f6", "lessThan": "7b5488f4721fed6e121e661e165bab06ae2f8675", "status": "affected", "versionType": "git"}, {"version": "b0cc417c1637192be658e68a74c8d1568e3d35f6", "lessThan": "4838969e4d95d2bd2995d1605b20d3144fcb3e74", "status": "affected", "versionType": "git"}, {"version": "b0cc417c1637192be658e68a74c8d1568e3d35f6", "lessThan": "90aefae2e3a770a6909d339f5d8a988c0b0ceaf0", "status": "affected", "versionType": "git"}, {"version": "b0cc417c1637192be658e68a74c8d1568e3d35f6", "lessThan": "f9a9f43a62a04ec3183fb0da9226c7706eed0115", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/dma/xilinx/zynqmp_dma.c"], "versions": [{"version": "4.8", "status": "affected"}, {"version": "0", "lessThan": "4.8", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.198", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.122", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.47", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.17.15", "lessThanOrEqual": "5.17.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.18.4", "lessThanOrEqual": "5.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.8", "versionEndExcluding": "5.4.198"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.8", "versionEndExcluding": "5.10.122"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.8", "versionEndExcluding": "5.15.47"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.8", "versionEndExcluding": "5.17.15"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.8", "versionEndExcluding": "5.18.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.8", "versionEndExcluding": "5.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/83960276ffc9bf5570d4106490346b61e61be5f3"}, {"url": "https://git.kernel.org/stable/c/95a0ba85c1b51b36e909841c02d205cd223ab753"}, {"url": "https://git.kernel.org/stable/c/7b5488f4721fed6e121e661e165bab06ae2f8675"}, {"url": "https://git.kernel.org/stable/c/4838969e4d95d2bd2995d1605b20d3144fcb3e74"}, {"url": "https://git.kernel.org/stable/c/90aefae2e3a770a6909d339f5d8a988c0b0ceaf0"}, {"url": "https://git.kernel.org/stable/c/f9a9f43a62a04ec3183fb0da9226c7706eed0115"}], "title": "dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E45AC5F-6613-4B82-A23E-18D6B4EA5C82", "versionEndExcluding": "5.4.198", "versionStartIncluding": "4.8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B42AA01-44D8-4572-95E6-FF8E374CF9C5", "versionEndExcluding": "5.10.122", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC042EE3-4864-4325-BE0B-4BCDBF11AA61", "versionEndExcluding": "5.15.47", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "53E7AA2E-2FB4-45CA-A22B-08B4EDBB51AD", "versionEndExcluding": "5.17.15", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA6D643C-6D6A-4821-8A8D-B5776B8F0103", "versionEndExcluding": "5.18.4", "versionStartIncluding": "5.18", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type\n\nIn zynqmp_dma_alloc/free_chan_resources functions there is a\npotential overflow in the below expressions.\n\ndma_alloc_coherent(chan->dev, (2 * chan->desc_size *\n\t\t ZYNQMP_DMA_NUM_DESCS),\n\t\t &chan->desc_pool_p, GFP_KERNEL);\n\ndma_free_coherent(chan->dev,(2 * ZYNQMP_DMA_DESC_SIZE(chan) *\n ZYNQMP_DMA_NUM_DESCS),\n chan->desc_pool_v, chan->desc_pool_p);\n\nThe arguments desc_size and ZYNQMP_DMA_NUM_DESCS were 32 bit. Though\nthis overflow condition is not observed but it is a potential problem\nin the case of 32-bit multiplication. Hence fix it by changing the\ndesc_size data type to size_t.\n\nIn addition to coverity fix it also reuse ZYNQMP_DMA_DESC_SIZE macro in\ndma_alloc_coherent API argument.\n\nAddresses-Coverity: Event overflow_before_widen."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dmaengine: zynqmp_dma: En el tipo de datos fix desc_size de struct zynqmp_dma_chan En las funciones zynqmp_dma_alloc/free_chan_resources hay un desbordamiento potencial en las siguientes expresiones. dma_alloc_coherent(chan->dev, (2 * chan->desc_size * ZYNQMP_DMA_NUM_DESCS), &chan->desc_pool_p, GFP_KERNEL); dma_free_coherent(chan->dev,(2 * ZYNQMP_DMA_DESC_SIZE(chan) * ZYNQMP_DMA_NUM_DESCS), chan->desc_pool_v, chan->desc_pool_p); Los argumentos desc_size y ZYNQMP_DMA_NUM_DESCS eran de 32 bits. Aunque esta condici\u00f3n de desbordamiento no se observa, es un problema potencial en el caso de la multiplicaci\u00f3n de 32 bits. Por lo tanto, corr\u00edjala cambiando el tipo de datos desc_size a size_t. Adem\u00e1s de corregir la cobertura, tambi\u00e9n reutilice la macro ZYNQMP_DMA_DESC_SIZE en el argumento de API dma_alloc_coherent. Direcciones: cobertura: evento overflow_before_widen."}], "id": "CVE-2022-49320", "lastModified": "2025-09-22T20:46:23.707", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-02-26T07:01:08.840", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4838969e4d95d2bd2995d1605b20d3144fcb3e74"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7b5488f4721fed6e121e661e165bab06ae2f8675"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/83960276ffc9bf5570d4106490346b61e61be5f3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/90aefae2e3a770a6909d339f5d8a988c0b0ceaf0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/95a0ba85c1b51b36e909841c02d205cd223ab753"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f9a9f43a62a04ec3183fb0da9226c7706eed0115"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type", "id": "2348227", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348227"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\ndmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type\nIn zynqmp_dma_alloc/free_chan_resources functions there is a\npotential overflow in the below expressions.\ndma_alloc_coherent(chan->dev, (2 * chan->desc_size *\nZYNQMP_DMA_NUM_DESCS),\n&chan->desc_pool_p, GFP_KERNEL);\ndma_free_coherent(chan->dev,(2 * ZYNQMP_DMA_DESC_SIZE(chan) *\nZYNQMP_DMA_NUM_DESCS),\nchan->desc_pool_v, chan->desc_pool_p);\nThe arguments desc_size and ZYNQMP_DMA_NUM_DESCS were 32 bit. Though\nthis overflow condition is not observed but it is a potential problem\nin the case of 32-bit multiplication. Hence fix it by changing the\ndesc_size data type to size_t.\nIn addition to coverity fix it also reuse ZYNQMP_DMA_DESC_SIZE macro in\ndma_alloc_coherent API argument.\nAddresses-Coverity: Event overflow_before_widen."], "name": "CVE-2022-49320", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-02-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-49320\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49320\nhttps://lore.kernel.org/linux-cve-announce/2025022637-CVE-2022-49320-c76e@gregkh/T"], "threat_severity": "Low"}

{"created": "2025-07-12T22:00:58.539072+00:00", "updated": "2025-07-12T22:00:58.539122+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}