CVE-2022-50145

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.17.0-rc5

Description A data race issue in the Linux kernel's dmaengine sf-pdma component allows multiple threads to access and modify a DMA channel's descriptor simultaneously, leading to a NULL pointer dereference and system crashes. This occurs when the device prep dma memcpy() function is called, causing threads to overwrite the channel's descriptor. The issue is resolved by ensuring that a descriptor's value only changes after it has been used and by acquiring new descriptors from a queue that is filled with ready-to-be-sent descriptors.

Recommendations For Linux kernel versions prior to 5.17.0-rc5, update to a version that includes the fix for the dmaengine sf-pdma component to add multithread support for a DMA channel. As a temporary workaround, consider restricting access to the device prep dma memcpy() function to minimize the risk of exploitation. Additionally, avoid using multiple threads to access the same DMA channel until the issue is resolved.