CVE-2022-50023
BaseFortify
Publication date: 2025-06-18
Last updated on: 2025-11-13
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's dmaengine component, specifically in the dw-axi-dmac driver. If an interrupt is raised when the channel has no descriptor, the kernel will experience an OOPS (a kernel crash). The issue arises because the interrupt handler does not properly check if there is a valid descriptor before proceeding. The fix involves checking the result of vchan_next_desc() in the interrupt handler to avoid this error.
How can this vulnerability impact me?
This vulnerability can cause the Linux kernel to crash (OOPS) if an interrupt occurs when no descriptor is present in the dmaengine channel. This can lead to system instability, potential downtime, and disruption of services relying on the affected kernel component.
What immediate steps should I take to mitigate this vulnerability?
Update the Linux kernel to a version where the vulnerability is fixed, specifically one that includes the patch to check the result of vchan_next_desc() in the handler axi_chan_block_xfer_complete() to avoid kernel OOPS when the channel has no descriptor and an interrupt is raised.
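The missing check described in the answers above, shown as an added user-space model that is not the dw-axi-dmac driver's code or the upstream patch. All struct and function names are hypothetical stand-ins, and counting spurious interrupts is this model's own choice.

```c
/* User-space model only: names are hypothetical, not kernel code. */
#include <stddef.h>
#include <stdio.h>

struct desc { int id; int completed; struct desc *next; };
struct chan { struct desc *issued; unsigned spurious_irqs; };

/* Stand-in for "fetch the next descriptor": NULL when none is queued. */
static struct desc *next_desc(struct chan *c) { return c->issued; }

/* Before: assumes a descriptor always exists. An interrupt on an empty
 * channel dereferences NULL (the Oops condition). Never called here. */
int block_xfer_complete_unchecked(struct chan *c)
{
    struct desc *d = next_desc(c);
    d->completed = 1;             /* NULL dereference if queue is empty */
    c->issued = d->next;
    return d->id;
}

/* After: check the result before touching the descriptor. */
int block_xfer_complete_checked(struct chan *c)
{
    struct desc *d = next_desc(c);
    if (d == NULL) {
        c->spurious_irqs++;       /* model's choice: make it observable */
        return -1;
    }
    d->completed = 1;
    c->issued = d->next;
    return d->id;
}

int main(void)
{
    /* Constructed sample: two queued descriptors, four interrupts. */
    struct desc d2 = { 2, 0, NULL }, d1 = { 1, 0, &d2 };
    struct chan c = { &d1, 0 };
    for (int irq = 0; irq < 4; irq++)
        printf("irq %d -> %d\n", irq, block_xfer_complete_checked(&c));
    printf("spurious: %u\n", c.spurious_irqs);
    return 0;
}
```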