{ "threat_severity" : "Moderate", "public_date" : "2025-12-24T00:00:00Z", "bugzilla" : { "description" : "kernel: dmaengine: qcom-adm: fix wrong calling convention for prep_slave_sg", "id" : "2425058", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2425058" }, "cvss3" : { "cvss3_base_score" : "5.1", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-209", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\ndmaengine: qcom-adm: fix wrong calling convention for prep_slave_sg\nThe calling convention for pre_slave_sg is to return NULL on error and\nprovide an error log to the system. Qcom-adm instead provide error\npointer when an error occur. This indirectly cause kernel panic for\nexample for the nandc driver that checks only if the pointer returned by\ndevice_prep_slave_sg is not NULL. Returning an error pointer makes nandc\nthink the device_prep_slave_sg function correctly completed and makes\nthe kernel panics later in the code.\nWhile nandc is the one that makes the kernel crash, it was pointed out\nthat the real problem is qcom-adm not following calling convention for\nthat function.\nTo fix this, drop returning error pointer and return NULL with an error\nlog.", "A flaw was found in the Linux kernel’s dmaengine qcom-adm implementation where the function prep_slave_sg did not adhere to the documented error return convention. On error, it returned an error pointer instead of NULL, which can cause consumers that check only for non-NULL to assume success and later dereference an invalid pointer. Under certain workloads (e.g., with the nandc driver), this can lead to a kernel panic, resulting in an availability impact." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-11-07T00:00:00Z", "advisory" : "RHSA-2023:6583", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-362.8.1.el9_3" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-11-07T00:00:00Z", "advisory" : "RHSA-2023:6583", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-362.8.1.el9_3" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-50721\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-50721\nhttps://lore.kernel.org/linux-cve-announce/2025122417-CVE-2022-50721-9683@gregkh/T" ], "name" : "CVE-2022-50721", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }