CVE-2022-49753

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.14.0-185.el9.x86 64

Description A vulnerability in the Linux kernel has been resolved, related to the dmaengine. The issue is caused by a double increment of the client count in the dma chan get() function, leading to an incorrect client count and potential resource leaks. This can result in a kref underflow warning, as demonstrated by a test of repeated module load and unload of async tx on a Dell Power Edge R7425. The vulnerability affects the dma chan get() function and can cause issues with channel resources not being freed when they should be.

Recommendations For Linux kernel versions prior to 5.14.0-185.el9.x86 64, update to a newer version that includes the fix for the dmaengine issue. As a temporary workaround, consider disabling the dma chan get() function until a patch is available. Restrict access to the vulnerable dmaengine module to minimize the risk of exploitation. Avoid using the dma chan get() function in the affected API endpoints until the issue is resolved.