CVE-2022-50540 in Linux
Summary
by MITRE • 10/07/2025
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: qcom-adm: fix wrong sizeof config in slave_config
Fix broken slave_config function that incorrectly compares the peripheral_size with the size of the config pointer instead of the size of the config struct. This causes the crci value to be ignored and causes a kernel panic on any slave that uses the adm driver.
To fix this, compare to the size of the struct and NOT the size of the pointer.
Analysis
by VulDB Data Team • 04/19/2026
The vulnerability identified as CVE-2022-50540 represents a critical flaw in the Linux kernel's dmaengine subsystem, specifically within the Qualcomm ADM (Audio Data Manager) driver implementation. This issue affects systems utilizing the qcom-adm dmaengine driver for audio data transfer operations, where the driver fails to properly validate configuration parameters during the slave configuration process. The flaw manifests as a fundamental error in memory size comparison logic that directly impacts the driver's ability to correctly process peripheral configuration data.
The technical root cause of this vulnerability lies in an incorrect sizeof operation within the slave_config function implementation. The driver erroneously compares the peripheral_size parameter against the size of a configuration pointer rather than the actual size of the configuration structure itself. This fundamental mistake in memory management creates a scenario where the driver's internal data validation mechanism fails to properly recognize and process configuration parameters, particularly affecting the crci (channel request index) value that is essential for proper DMA channel allocation and operation. According to CWE-123, this represents a weakness in the implementation of memory management operations where incorrect size calculations lead to improper data handling.
The operational impact of this vulnerability is severe and directly results in kernel panics whenever any slave device attempts to utilize the adm driver for data transfer operations. The incorrect memory size comparison causes the driver to ignore critical configuration values including the crci parameter, which fundamentally breaks the DMA channel management functionality. This leads to system instability and complete system crashes, making affected systems unusable until the kernel is patched or the problematic driver is disabled. The vulnerability affects all systems running Linux kernels with the qcom-adm driver enabled, particularly those utilizing Qualcomm-based audio hardware components.
The fix implemented addresses this issue by correcting the sizeof comparison to reference the actual configuration structure size rather than the pointer size. This modification ensures that the driver properly validates configuration parameters and correctly processes the crci values that are crucial for DMA channel operations. The resolution follows established kernel development practices for memory management and configuration validation, aligning with ATT&CK technique T1068 which involves privilege escalation through kernel vulnerabilities. Organizations should prioritize applying this patch to prevent potential system crashes and maintain operational stability. The fix demonstrates proper defensive programming practices where memory safety checks are correctly implemented to prevent kernel-level failures that could be exploited by malicious actors to cause system instability or denial of service conditions.
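The sizeof mistake described above, reduced to a user-space model. This is an added example, not the kernel driver's code: the struct layouts, field names other than crci, and function names are hypothetical, and the config struct is deliberately 12 bytes so that it never matches a 4- or 8-byte pointer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a driver's peripheral config: three 32-bit
 * fields, so its size (12) differs from a pointer on 32- and 64-bit builds. */
struct periph_cfg { uint32_t crci; uint32_t mux; uint32_t burst; };

/* Hypothetical generic config: opaque blob plus the length the caller claims. */
struct slave_cfg { void *peripheral_config; size_t peripheral_size; };

struct chan { uint32_t crci; };

/* Buggy pattern: sizeof(config) is the size of the POINTER (4 or 8),
 * so the length check fails and the caller's crci is silently dropped. */
int slave_config_buggy(struct chan *ch, const struct slave_cfg *cfg)
{
    const struct periph_cfg *config = cfg->peripheral_config;

    if (cfg->peripheral_size != sizeof(config))
        return 0;                       /* crci ignored */
    ch->crci = config->crci;
    return 1;
}

/* Fixed pattern: sizeof(*config) is the size of the STRUCT. */
int slave_config_fixed(struct chan *ch, const struct slave_cfg *cfg)
{
    const struct periph_cfg *config = cfg->peripheral_config;

    if (config == NULL || cfg->peripheral_size != sizeof(*config))
        return 0;
    ch->crci = config->crci;
    return 1;
}

int main(void)
{
    struct periph_cfg pc = { .crci = 7, .mux = 1, .burst = 0 }; /* constructed values */
    struct slave_cfg cfg = { &pc, sizeof(pc) };
    struct chan a = { 0 }, b = { 0 };

    printf("buggy: applied=%d crci=%u\n", slave_config_buggy(&a, &cfg), (unsigned)a.crci);
    printf("fixed: applied=%d crci=%u\n", slave_config_fixed(&b, &cfg), (unsigned)b.crci);
    return 0;
}
```

When a struct happens to be the same size as a pointer on a given build, the buggy comparison passes by coincidence, so this class of defect can stay hidden on one architecture and surface on another.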