Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-50540
CVE-2022-50540:
Linux Kernel vulnerability analysis and mitigation
Overview
A vulnerability in the Linux kernel's DMA engine (CVE-2022-50540) was identified and resolved, specifically affecting the Qualcomm ADM driver. The issue was related to incorrect size comparison in the slave_config function (NVD, Ubuntu).
Technical details
The vulnerability stems from a broken slaveconfig function that incorrectly compares the peripheralsize with the size of the config pointer instead of the size of the config struct. This implementation error causes the CRCI (Client Rate Control Interface) value to be ignored (Red Hat). The vulnerability has been assigned a CVSS v3.1 base score of 7.0 with the vector string CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H (Red Hat).
Impact
The vulnerability can result in a kernel panic on any slave that uses the ADM driver, potentially affecting system stability and availability (NVD).
Mitigation and workarounds
The fix involves modifying the size comparison to compare against the size of the struct instead of the size of the pointer (NVD).
Additional resources
Source: This report was generated using AI
Related Linux Kernel vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management