CVE-2022-49753

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Mar 27, 2025
Updated: Apr 1, 2025
CWE ID 416

Summary

CVE-2022-49753 is a vulnerability affecting the Linux kernel's dmaengine component. The issue lies in the function dma_chan_get(), which incorrectly increments the client_count twice for public channels during the initial call. This results in an incorrect client count, leading to channel resources not being freed properly when they should be. Consequences include a kref underflow warning and potential use-after-free errors. The vulnerability can be identified through repeated module load and unload of the async_tx driver and can lead to incorrect results when querying the in_use status of DMA channels using the command 'cat /sys/class/dma/dma0chan*/in_use'.
