{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-49320","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-02-26T02:08:31.537Z","datePublished":"2025-02-26T02:10:45.703Z","dateUpdated":"2025-05-04T08:35:08.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T08:35:08.000Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type\n\nIn zynqmp_dma_alloc/free_chan_resources functions there is a\npotential overflow in the below expressions.\n\ndma_alloc_coherent(chan->dev, (2 * chan->desc_size *\n\t\t   ZYNQMP_DMA_NUM_DESCS),\n\t\t   &chan->desc_pool_p, GFP_KERNEL);\n\ndma_free_coherent(chan->dev,(2 * ZYNQMP_DMA_DESC_SIZE(chan) *\n                 ZYNQMP_DMA_NUM_DESCS),\n                chan->desc_pool_v, chan->desc_pool_p);\n\nThe arguments desc_size and ZYNQMP_DMA_NUM_DESCS were 32 bit. Though\nthis overflow condition is not observed but it is a potential problem\nin the case of 32-bit multiplication. Hence fix it by changing the\ndesc_size data type to size_t.\n\nIn addition to coverity fix it also reuse ZYNQMP_DMA_DESC_SIZE macro in\ndma_alloc_coherent API argument.\n\nAddresses-Coverity: Event overflow_before_widen."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/dma/xilinx/zynqmp_dma.c"],"versions":[{"version":"b0cc417c1637192be658e68a74c8d1568e3d35f6","lessThan":"83960276ffc9bf5570d4106490346b61e61be5f3","status":"affected","versionType":"git"},{"version":"b0cc417c1637192be658e68a74c8d1568e3d35f6","lessThan":"95a0ba85c1b51b36e909841c02d205cd223ab753","status":"affected","versionType":"git"},{"version":"b0cc417c1637192be658e68a74c8d1568e3d35f6","lessThan":"7b5488f4721fed6e121e661e165bab06ae2f8675","status":"affected","versionType":"git"},{"version":"b0cc417c1637192be658e68a74c8d1568e3d35f6","lessThan":"4838969e4d95d2bd2995d1605b20d3144fcb3e74","status":"affected","versionType":"git"},{"version":"b0cc417c1637192be658e68a74c8d1568e3d35f6","lessThan":"90aefae2e3a770a6909d339f5d8a988c0b0ceaf0","status":"affected","versionType":"git"},{"version":"b0cc417c1637192be658e68a74c8d1568e3d35f6","lessThan":"f9a9f43a62a04ec3183fb0da9226c7706eed0115","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/dma/xilinx/zynqmp_dma.c"],"versions":[{"version":"4.8","status":"affected"},{"version":"0","lessThan":"4.8","status":"unaffected","versionType":"semver"},{"version":"5.4.198","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.122","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.47","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.17.15","lessThanOrEqual":"5.17.*","status":"unaffected","versionType":"semver"},{"version":"5.18.4","lessThanOrEqual":"5.18.*","status":"unaffected","versionType":"semver"},{"version":"5.19","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"5.4.198"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"5.10.122"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"5.15.47"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"5.17.15"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"5.18.4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"5.19"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/83960276ffc9bf5570d4106490346b61e61be5f3"},{"url":"https://git.kernel.org/stable/c/95a0ba85c1b51b36e909841c02d205cd223ab753"},{"url":"https://git.kernel.org/stable/c/7b5488f4721fed6e121e661e165bab06ae2f8675"},{"url":"https://git.kernel.org/stable/c/4838969e4d95d2bd2995d1605b20d3144fcb3e74"},{"url":"https://git.kernel.org/stable/c/90aefae2e3a770a6909d339f5d8a988c0b0ceaf0"},{"url":"https://git.kernel.org/stable/c/f9a9f43a62a04ec3183fb0da9226c7706eed0115"}],"title":"dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type","x_generator":{"engine":"bippy-1.2.0"}}}}