{
  "threat_severity" : "Moderate",
  "public_date" : "2025-12-24T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: crypto: qat - fix DMA transfer direction",
    "id" : "2425164",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2425164"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-628",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\ncrypto: qat - fix DMA transfer direction\nWhen CONFIG_DMA_API_DEBUG is selected, while running the crypto self\ntest on the QAT crypto algorithms, the function add_dma_entry() reports\na warning similar to the one below, saying that overlapping mappings\nare not supported. This occurs in tests where the input and the output\nscatter list point to the same buffers (i.e. two different scatter lists\nwhich point to the same chunks of memory).\nThe logic that implements the mapping uses the flag DMA_BIDIRECTIONAL\nfor both the input and the output scatter lists which leads to\noverlapped write mappings. These are not supported by the DMA layer.\nFix by specifying the correct DMA transfer directions when mapping\nbuffers. For in-place operations where the input scatter list\nmatches the output scatter list, buffers are mapped once with\nDMA_BIDIRECTIONAL, otherwise input buffers are mapped using the flag\nDMA_TO_DEVICE and output buffers are mapped with DMA_FROM_DEVICE.\nOverlapping a read mapping with a write mapping is a valid case in\ndma-coherent devices like QAT.\nThe function that frees and unmaps the buffers, qat_alg_free_bufl()\nhas been changed accordingly to the changes to the mapping function.\nDMA-API: 4xxx 0000:06:00.0: cacheline tracking EEXIST, overlapping mappings aren't supported\nWARNING: CPU: 53 PID: 4362 at kernel/dma/debug.c:570 add_dma_entry+0x1e9/0x270\n...\nCall Trace:\ndma_map_page_attrs+0x82/0x2d0\n? preempt_count_add+0x6a/0xa0\nqat_alg_sgl_to_bufl+0x45b/0x990 [intel_qat]\nqat_alg_aead_dec+0x71/0x250 [intel_qat]\ncrypto_aead_decrypt+0x3d/0x70\ntest_aead_vec_cfg+0x649/0x810\n? number+0x310/0x3a0\n? vsnprintf+0x2a3/0x550\n? scnprintf+0x42/0x70\n? valid_sg_divisions.constprop.0+0x86/0xa0\n? test_aead_vec+0xdf/0x120\ntest_aead_vec+0xdf/0x120\nalg_test_aead+0x185/0x400\nalg_test+0x3d8/0x500\n? crypto_acomp_scomp_free_ctx+0x30/0x30\n? __schedule+0x32a/0x12a0\n? ttwu_queue_wakelist+0xbf/0x110\n? _raw_spin_unlock_irqrestore+0x23/0x40\n? try_to_wake_up+0x83/0x570\n? _raw_spin_unlock_irqrestore+0x23/0x40\n? __set_cpus_allowed_ptr_locked+0xea/0x1b0\n? crypto_acomp_scomp_free_ctx+0x30/0x30\ncryptomgr_test+0x27/0x50\nkthread+0xe6/0x110\n? kthread_complete_and_exit+0x20/0x20\nret_from_fork+0x1f/0x30" ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9.0 Extended Update Support",
    "release_date" : "2023-01-30T00:00:00Z",
    "advisory" : "RHSA-2023:0512",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.0",
    "package" : "kernel-0:5.14.0-70.43.1.el9_0"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-50774\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-50774\nhttps://lore.kernel.org/linux-cve-announce/2025122459-CVE-2022-50774-73eb@gregkh/T" ],
  "name" : "CVE-2022-50774",
  "csaw" : false
}