Executive Summary

This vulnerability exists in the Linux kernel's serial 8250 driver related to DMA (Direct Memory Access) transactions. Specifically, the function dmaengine_terminate_async does not guarantee that the __dma_tx_complete callback will be executed. This callback is responsible for clearing the dma->tx_running flag, which indicates whether a DMA transmission is active.

If a DMA transaction is canceled and the callback never runs, the dma->tx_running flag remains set, causing the system to never schedule new TX DMA transactions again. The fix involves explicitly clearing dma->tx_running after terminating the DMA transaction while holding the UART port lock to ensure safe and serialized access.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can cause a deadlock in the transmission (TX) path of the serial 8250 driver when using DMA. Because the dma->tx_running flag may never be cleared if the callback does not run, new DMA transmission requests will not be scheduled. This can lead to a halt or significant delay in data transmission over the affected serial interface.

In practical terms, this could result in communication failures or degraded performance for systems relying on serial communication through this driver, potentially impacting system stability or functionality.

Useful 0 Not Useful 0

Mitigation Strategies

The vulnerability is related to the Linux kernel's serial 8250 driver and its handling of DMA transactions. To mitigate this vulnerability, you should update your Linux kernel to a version that includes the fix for the TX deadlock issue when using DMA.

This fix ensures that the dma->tx_running flag is properly cleared after terminating a DMA transaction, preventing the deadlock condition.

Applying the latest kernel updates or patches from your Linux distribution vendor is the immediate recommended step.

Useful 0 Not Useful 0