{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2022-50375","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-09-17T14:53:06.996Z","datePublished":"2025-09-18T13:32:58.361Z","dateUpdated":"2026-05-11T19:18:20.373Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:18:20.373Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ntty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown\n\nlpuart_dma_shutdown tears down lpuart dma, but lpuart_flush_buffer can\nstill occur which in turn tries to access dma apis if lpuart_dma_tx_use\nflag is true. At this point since dma is torn down, these dma apis can\nabort. Set lpuart_dma_tx_use and the corresponding rx flag\nlpuart_dma_rx_use to false in lpuart_dma_shutdown so that dmas are not\naccessed after they are relinquished.\n\nOtherwise, when try to kill btattach, kernel may panic. This patch may\nfix this issue.\nroot@imx8ulpevk:~# btattach -B /dev/ttyLP2 -S 115200\n^C[   90.182296] Internal error: synchronous external abort: 96000210 [#1] PREEMPT SMP\n[   90.189806] Modules linked in: moal(O) mlan(O)\n[   90.194258] CPU: 0 PID: 503 Comm: btattach Tainted: G           O      5.15.32-06136-g34eecdf2f9e4 #37\n[   90.203554] Hardware name: NXP i.MX8ULP 9X9 EVK (DT)\n[   90.208513] pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[   90.215470] pc : fsl_edma3_disable_request+0x8/0x60\n[   90.220358] lr : fsl_edma3_terminate_all+0x34/0x20c\n[   90.225237] sp : ffff800013f0bac0\n[   90.228548] x29: ffff800013f0bac0 x28: 0000000000000001 x27: ffff000008404800\n[   90.235681] x26: ffff000008404960 x25: ffff000008404a08 x24: ffff000008404a00\n[   90.242813] x23: ffff000008404a60 x22: 0000000000000002 x21: 0000000000000000\n[   90.249946] x20: ffff800013f0baf8 x19: ffff00000559c800 x18: 0000000000000000\n[   90.257078] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\n[   90.264211] x14: 0000000000000003 x13: 0000000000000000 x12: 0000000000000040\n[   90.271344] x11: ffff00000600c248 x10: ffff800013f0bb10 x9 : ffff000057bcb090\n[   90.278477] x8 : fffffc0000241a08 x7 : ffff00000534ee00 x6 : ffff000008404804\n[   90.285609] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff0000055b3480\n[   90.292742] x2 : ffff8000135c0000 x1 : ffff00000534ee00 x0 : ffff00000559c800\n[   90.299876] Call trace:\n[   90.302321]  fsl_edma3_disable_request+0x8/0x60\n[   90.306851]  lpuart_flush_buffer+0x40/0x160\n[   90.311037]  uart_flush_buffer+0x88/0x120\n[   90.315050]  tty_driver_flush_buffer+0x20/0x30\n[   90.319496]  hci_uart_flush+0x44/0x90\n[   90.323162]  +0x34/0x12c\n[   90.327253]  tty_ldisc_close+0x38/0x70\n[   90.331005]  tty_ldisc_release+0xa8/0x190\n[   90.335018]  tty_release_struct+0x24/0x8c\n[   90.339022]  tty_release+0x3ec/0x4c0\n[   90.342593]  __fput+0x70/0x234\n[   90.345652]  ____fput+0x14/0x20\n[   90.348790]  task_work_run+0x84/0x17c\n[   90.352455]  do_exit+0x310/0x96c\n[   90.355688]  do_group_exit+0x3c/0xa0\n[   90.359259]  __arm64_sys_exit_group+0x1c/0x20\n[   90.363609]  invoke_syscall+0x48/0x114\n[   90.367362]  el0_svc_common.constprop.0+0xd4/0xfc\n[   90.372068]  do_el0_svc+0x2c/0x94\n[   90.375379]  el0_svc+0x28/0x80\n[   90.378438]  el0t_64_sync_handler+0xa8/0x130\n[   90.382711]  el0t_64_sync+0x1a0/0x1a4\n[   90.386376] Code: 17ffffda d503201f d503233f f9409802 (b9400041)\n[   90.392467] ---[ end trace 2f60524b4a43f1f6 ]---\n[   90.397073] note: btattach[503] exited with preempt_count 1\n[   90.402636] Fixing recursive fault but reboot is needed!"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/tty/serial/fsl_lpuart.c"],"versions":[{"version":"6250cc30c4c4e25393ba247f71bdc04b6af3191b","lessThan":"29b897ac7b990882c74bd08605692214e7e58b83","status":"affected","versionType":"git"},{"version":"6250cc30c4c4e25393ba247f71bdc04b6af3191b","lessThan":"9a56ade124d4891a31ab1300c57665f07f5b24d5","status":"affected","versionType":"git"},{"version":"6250cc30c4c4e25393ba247f71bdc04b6af3191b","lessThan":"c4293def8860fd587a84400ccba5b49cec56e2c3","status":"affected","versionType":"git"},{"version":"6250cc30c4c4e25393ba247f71bdc04b6af3191b","lessThan":"d554c14eb73ee91d76fc9aece4616f0b687c295d","status":"affected","versionType":"git"},{"version":"6250cc30c4c4e25393ba247f71bdc04b6af3191b","lessThan":"3953e7f261e2f4d9c35f0c025df9f166f46aa626","status":"affected","versionType":"git"},{"version":"6250cc30c4c4e25393ba247f71bdc04b6af3191b","lessThan":"316ae95c175a7d770d1bfe4c011192712f57aa4a","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/tty/serial/fsl_lpuart.c"],"versions":[{"version":"4.9","status":"affected"},{"version":"0","lessThan":"4.9","status":"unaffected","versionType":"semver"},{"version":"5.4.220","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.150","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.75","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.19.17","lessThanOrEqual":"5.19.*","status":"unaffected","versionType":"semver"},{"version":"6.0.3","lessThanOrEqual":"6.0.*","status":"unaffected","versionType":"semver"},{"version":"6.1","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9","versionEndExcluding":"5.4.220"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9","versionEndExcluding":"5.10.150"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9","versionEndExcluding":"5.15.75"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9","versionEndExcluding":"5.19.17"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9","versionEndExcluding":"6.0.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9","versionEndExcluding":"6.1"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/29b897ac7b990882c74bd08605692214e7e58b83"},{"url":"https://git.kernel.org/stable/c/9a56ade124d4891a31ab1300c57665f07f5b24d5"},{"url":"https://git.kernel.org/stable/c/c4293def8860fd587a84400ccba5b49cec56e2c3"},{"url":"https://git.kernel.org/stable/c/d554c14eb73ee91d76fc9aece4616f0b687c295d"},{"url":"https://git.kernel.org/stable/c/3953e7f261e2f4d9c35f0c025df9f166f46aa626"},{"url":"https://git.kernel.org/stable/c/316ae95c175a7d770d1bfe4c011192712f57aa4a"}],"title":"tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":5.5,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"id":"CVE-2022-50375","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2026-01-14T18:46:25.103854Z"}}}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","description":"CWE-noinfo Not enough information"}]}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-14T18:53:02.884Z"}}]}}