Impact
The Linux kernel fastrpc subsystem incorrectly used find_vma to locate a user-space pointer while computing a DMA address offset. If the pointer lay in the gap preceding the returned VMA, the calculation underflowed, producing a corrupted DMA address that was then communicated to the DSP. This flaw can cause the kernel to map memory incorrectly for DMA operations, potentially allowing data corruption or unintended data exposure. The weakness is an integer or memory offset misuse that leads to improper DMA mappings.
Affected Systems
Any Linux system running kernel versions that include the fastrpc module without the patch commit that replaces find_vma with vma_lookup(). The vulnerability is present in all affected builds prior to the patch and applies to the generic Linux kernel across all architectures that use fastrpc for DMA.
Risk and Exploitability
The CVSS score is not available, and the EPSS score is < 1%. The vulnerability is not listed in CISA KEV catalog. The flaw requires kernel-level execution, and an attacker would need to influence the fastrpc argument to trigger the underflow. While there is no documented exploit yet, the integrity impact could be significant if the kernel maps DMA buffers incorrectly.
OpenCVE Enrichment
Debian DLA