CVE-2022-49753: 
Linux Kernel vulnerability analysis and mitigation

In the Linux kernel, a vulnerability was discovered in the DMA engine subsystem. The issue occurs in dmachanget() where the channel clientcount is incorrectly incremented twice for public channels - first in balanceref_count(), and again prior to returning. This vulnerability was disclosed on March 27, 2025 and affects Linux kernel versions from 5.11 up to (excluding) 5.15.91 and from 5.16 up to (excluding) 6.1.9 (NVD).

The vulnerability stems from a double increment of the clientcount counter in the DMA channel management code. When dmachanget() is called for the first time on a channel, the clientcount is incremented once in balancerefcount() and then again before the function returns. This incorrect counting leads to an inaccurate client count which prevents proper resource cleanup (NVD).

The incorrect client count tracking results in channel resources not being freed when they should be. This can lead to resource leaks and potential system instability. The issue manifests as a kref underflow warning when performing operations like repeated module loading and unloading of async_tx (NVD).

The vulnerability has been patched in the Linux kernel. The fix involves correcting the clientcount increment logic in dmachan_get(). System administrators should update to kernel versions 5.15.91, 6.1.9 or later that contain the fix (NVD).