CVE-2022-49320: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type

In zynqmp_dma_alloc/free_chan_resources functions there is a potential overflow in the below expressions.

    dma_alloc_coherent(chan->dev, (2 * chan->desc_size * ZYNQMP_DMA_NUM_DESCS), &chan->desc_pool_p, GFP_KERNEL);
    dma_free_coherent(chan->dev, (2 * ZYNQMP_DMA_DESC_SIZE(chan) * ZYNQMP_DMA_NUM_DESCS), chan->desc_pool_v, chan->desc_pool_p);

The arguments desc_size and ZYNQMP_DMA_NUM_DESCS were 32 bit. Though this overflow condition is not observed, it is a potential problem in the case of 32-bit multiplication. Hence fix it by changing the desc_size data type to size_t. In addition to the Coverity fix it also reuses the ZYNQMP_DMA_DESC_SIZE macro in the dma_alloc_coherent API argument.

Addresses-Coverity: Event overflow_before_widen.
AI Analysis
Technical Summary
CVE-2022-49320 is a hardening fix in the Linux kernel's DMA engine driver for the Xilinx Zynq UltraScale+ MPSoC (drivers/dma/xilinx/zynqmp_dma.c). In zynqmp_dma_alloc_chan_resources() and zynqmp_dma_free_chan_resources() the descriptor pool is allocated and freed with the expression 2 * chan->desc_size * ZYNQMP_DMA_NUM_DESCS. Before the fix, desc_size (a member of struct zynqmp_dma_chan) was a 32-bit integer and ZYNQMP_DMA_NUM_DESCS is a 32-bit constant, so C evaluates the whole product in 32-bit arithmetic and only afterwards converts the result to the size_t parameter of dma_alloc_coherent()/dma_free_coherent(). On a 64-bit target such as the Cortex-A53 application cores of the ZynqMP, a product larger than 2^32 therefore wraps before it is widened; that is precisely the Coverity event overflow_before_widen named in the commit. The consequence of such a wrap would be an undersized coherent DMA buffer that the driver then fills with descriptors as if it had the full size, i.e. kernel memory corruption. The fix changes desc_size to size_t, so the multiplication is promoted to 64-bit from the first operand on, and it uses the ZYNQMP_DMA_DESC_SIZE macro in the allocation call so that the allocation and free sides compute the size the same way. Two caveats matter for triage. First, both operands are driver-internal: desc_size is set by the driver itself from the size of its hardware descriptor, and ZYNQMP_DMA_NUM_DESCS is a compile-time constant, so the product is small in every shipped kernel and no input from user space, a peripheral or the network reaches it; the commit states that the overflow is not observed. Second, on a genuinely 32-bit build size_t is itself 32 bits wide, so the type change adds headroom only on 64-bit kernels, which is what the ZynqMP runs. The issue was found by static analysis (Coverity) and has no known exploits in the wild. The CVE record identifies the affected range by commit, starting at b0cc417c1637192be658e68a74c8d1568e3d35f6 and ending at the fix; that is the span of kernels carrying the unfixed zynqmp_dma driver, not a narrow window, but it only matters on systems that build and load that driver, which in practice means embedded Linux on Zynq UltraScale+ MPSoC hardware.
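The arithmetic behind the advisory, as an added example that is not code from the zynqmp_dma driver or the Linux kernel: it models the pre-fix 32-bit product, the post-fix size_t product (written as uint64_t, the width of size_t on the 64-bit ZynqMP target), and an explicitly checked variant in the spirit of the kernel's check_mul_overflow() helpers. NUM_DESCS stands in for ZYNQMP_DMA_NUM_DESCS and the descriptor sizes fed to it are constructed inputs, not the driver's real values; pool_bytes_before(), pool_bytes_after() and pool_bytes_checked() are names chosen here.

```c
/*
 * Added example, not code from the zynqmp_dma driver or the Linux kernel.
 * It reproduces the "overflow before widen" pattern behind CVE-2022-49320
 * in plain C so it can be compiled and run on any host:
 *   - pool_bytes_before():  the pre-fix arithmetic (32-bit desc_size)
 *   - pool_bytes_after():   the post-fix arithmetic (size_t desc_size,
 *                           modelled as uint64_t, the width of size_t on
 *                           the 64-bit ZynqMP target)
 *   - pool_bytes_checked(): an explicitly overflow-checked variant
 * NUM_DESCS stands in for ZYNQMP_DMA_NUM_DESCS; its value here is an
 * assumption for the example, not the driver's constant.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NUM_DESCS 32u

/*
 * Pre-fix shape: desc_size is 32 bits, so "2 * desc_size * ndescs" is
 * evaluated entirely in 32-bit unsigned arithmetic (wrapping modulo 2^32)
 * and only the already-wrapped result is converted to the 64-bit size
 * parameter of dma_alloc_coherent(). That is Coverity's overflow_before_widen.
 */
static uint64_t pool_bytes_before(uint32_t desc_size, uint32_t ndescs)
{
	uint32_t bytes = 2 * desc_size * ndescs;	/* may wrap here */
	return (uint64_t)bytes;				/* widened too late */
}

/*
 * Post-fix shape: desc_size is size_t (64-bit on arm64). The usual
 * arithmetic conversions promote every operand to 64 bits, so the
 * product is computed at full width and cannot wrap for these inputs.
 */
static uint64_t pool_bytes_after(uint64_t desc_size, uint32_t ndescs)
{
	return 2 * desc_size * ndescs;
}

/*
 * Fail closed instead of allocating a wrong size. The kernel offers the
 * same idea as check_mul_overflow() and the size_mul()/array_size()
 * family in include/linux/overflow.h; here the compiler builtin is used
 * so the example stays host-buildable.
 */
static bool pool_bytes_checked(uint64_t desc_size, uint32_t ndescs,
			       uint64_t *bytes)
{
	uint64_t tmp;

	if (__builtin_mul_overflow(desc_size, (uint64_t)ndescs, &tmp))
		return false;
	return !__builtin_mul_overflow(tmp, (uint64_t)2, bytes);
}

int main(void)
{
	/* Constructed inputs: a small, realistic descriptor and an absurd one. */
	uint32_t sizes[] = { 64u, 0x08000001u };
	uint64_t checked;

	for (size_t i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++) {
		uint32_t d = sizes[i];

		printf("desc_size=0x%08x before=%llu after=%llu checked=%s\n",
		       d,
		       (unsigned long long)pool_bytes_before(d, NUM_DESCS),
		       (unsigned long long)pool_bytes_after(d, NUM_DESCS),
		       pool_bytes_checked(d, NUM_DESCS, &checked) ? "ok" : "overflow");
	}
	return 0;
}
```

For the realistic descriptor size both versions agree (4096 bytes). For the absurd one, 2 * 0x08000001 * 32 is 0x200000040: the pre-fix path hands dma_alloc_coherent() 64 bytes, the post-fix path 8589934656 bytes, and the checked variant reports success only because the value still fits in 64 bits. The driver never produces such a desc_size, which is why the commit calls the overflow unobserved; the point of the fix is that the type of the first operand decides the width of the whole multiplication.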
Potential Impact
For European organizations the exposure is confined to devices built on the Xilinx Zynq UltraScale+ MPSoC that run an unpatched Linux kernel with the zynqmp_dma driver loaded: industrial controllers, telecom and radio equipment, automotive and defence platforms, and similar embedded Linux systems. The theoretical failure mode is an undersized coherent DMA buffer, which would mean memory corruption in kernel space with the usual consequences (instability, crashes, and in the worst case a primitive a local attacker could try to build privilege escalation on). In practice the multiplication operands are fixed by the driver rather than by a user, a peripheral or network input, and no input is known that makes the product exceed 2^32, so there is no known attack path, no CVSS score has been assigned, and no exploitation in the wild has been reported; the practical risk for general-purpose IT environments is negligible. Operators of embedded fleets in sectors that patch slowly (manufacturing, energy, transport, telecommunications, defence) should still track the fix in their kernel-baseline and SBOM processes: a wrapped allocation size is a bug class that can combine with other kernel flaws, and fielded devices tend to stay on one kernel for years.
Mitigation Recommendations
1. Apply the fix. The change (desc_size in struct zynqmp_dma_chan becomes size_t, and dma_alloc_coherent() is called with ZYNQMP_DMA_DESC_SIZE(chan)) is already merged upstream; pick it up through your kernel vendor, stable branch or distribution update rather than waiting for a separate advisory.
2. Verify rather than assume. In the kernel tree you actually ship, open drivers/dma/xilinx/zynqmp_dma.c and confirm that desc_size is declared size_t and that the allocation uses ZYNQMP_DMA_DESC_SIZE(chan). A board support package that carries an old out-of-tree copy of the driver is not fixed by a mainline version bump.
3. Device manufacturers and integrators: rebuild the kernel with the fix and push it to fielded devices through the normal firmware update channel, and record the commit in the SBOM or changelog so downstream customers can check for it.
4. Inventory the estate for Zynq UltraScale+ MPSoC based devices (kernels built with CONFIG_XILINX_ZYNQMP_DMA, or with the zynqmp_dma module present) so they fall within kernel patch tracking.
5. Restrict local access to affected devices to trusted personnel; any exploitation would first require code execution on the device.
6. Keep the kernel hardening options enabled on these builds (KASLR, CONFIG_FORTIFY_SOURCE, CONFIG_HARDENED_USERCOPY) to raise the cost of turning any kernel memory corruption into code execution.
7. For critical embedded systems, segment the networks they sit on and apply strict firewall rules to limit exposure and lateral movement in case of compromise.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-02-26T02:08:31.537Z
- CISA Enriched: false
- CVSS Version: none (no score assigned)
- State: PUBLISHED
Threat ID: 682d982dc4522896dcbe5654
Added to database: 5/21/2025, 9:09:01 AM
Last enriched: 6/30/2025, 5:43:38 AM
Last updated: 7/28/2025, 9:43:56 AM
Views: 10
Related Threats
- CVE-2025-8947: SQL Injection in projectworlds Visitor Management System (Medium)
- CVE-2025-8046: CWE-79 Cross-Site Scripting (XSS) in Injection Guard (Medium)
- CVE-2025-7808: CWE-79 Cross-Site Scripting (XSS) in WP Shopify (High)
- CVE-2025-6790: CWE-352 Cross-Site Request Forgery (CSRF) in Quiz and Survey Master (QSM) (High)
- CVE-2025-3414: CWE-79 Cross-Site Scripting (XSS) in Structured Content (JSON-LD) #wpsc (High)