Bug 2402260 (CVE-2022-50541) - CVE-2022-50541 kernel: dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow
Summary: CVE-2022-50541 kernel: dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counte...
Keywords:
Status: NEW
Alias: CVE-2022-50541
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-10-07 16:06 UTC by OSIDB Bzimport
Modified: 2025-10-07 16:29 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-10-07 16:06:03 UTC 
In the Linux kernel, the following vulnerability has been resolved:

dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow

UDMA_CHAN_RT_*BCNT_REG stores the real-time channel bytecount statistics.
These registers are 32-bit hardware counters and the driver uses these
counters to monitor the operational progress status for a channel, when
transferring more than 4GB of data it was observed that these counters
overflow and completion calculation of a operation gets affected and the
transfer hangs indefinitely.

This commit adds changes to decrease the byte count for every complete
transaction so that these registers never overflow and the proper byte
count statistics is maintained for ongoing transaction by the RT counters.

Earlier uc->bcnt used to maintain a count of the completed bytes at driver
side, since the RT counters maintain the statistics of current transaction
now, the maintenance of uc->bcnt is not necessary.
Comment 1 Jon Moroney 2025-10-07 16:27:42 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025100756-CVE-2022-50541-e1fe@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.