Linux Kernel Zynqmp DMA Engine Potential Overflow Vulnerability in Descriptor Size Handling

Vulnerability

A vulnerability has been identified in the Linux kernel's Zynqmp DMA engine, related to a potential overflow in the handling of descriptor sizes within the DMA channel management functions. The issue arises because the descriptor size and the number of descriptors are both treated as 32-bit values, so their product could overflow in certain multiplication scenarios, even though the overflow has not been observed in practice. The fix changes the data type of the descriptor size to size_t, which prevents the potential overflow. Additionally, the fix reuses the ZYNQMP_DMA_DESC_SIZE macro in the argument to the dma_alloc_coherent function, improving consistency and clarity.
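The overflow pattern described above, as an added example that is not the kernel's zynqmp driver code: the descriptor size and count are constructed stand-ins (DESC_SIZE_BYTES and DESC_COUNT_HUGE are assumptions, not the driver's values), and the checked variant uses the compiler's multiply-overflow builtin rather than the kernel's own helper.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins (not the driver's real values); the count is
 * chosen so that 64 * count exceeds 2^32 by exactly 64 bytes. */
#define DESC_SIZE_BYTES 64u
#define DESC_COUNT_HUGE 0x04000001u

/* Before the fix: both factors are 32-bit, so the product is evaluated
 * in 32 bits and silently wraps for large counts. */
uint32_t pool_size_u32(uint32_t desc_size, uint32_t desc_count)
{
    return desc_size * desc_count;
}

/* After the fix: the size is a size_t, so on a 64-bit kernel the
 * multiplication is done in 64 bits and the true size survives. */
size_t pool_size_size_t(size_t desc_size, uint32_t desc_count)
{
    return desc_size * desc_count;
}

/* Defensive variant: report a product that does not fit in size_t at
 * all, in the spirit of the kernel's check_mul_overflow() (the compiler
 * builtin is used here instead). */
bool pool_size_checked(size_t desc_size, size_t desc_count, size_t *out)
{
    return !__builtin_mul_overflow(desc_size, desc_count, out);
}

/* Does an allocation of 'alloc' bytes hold 'desc_count' descriptors?
 * With the wrapped u32 size the answer is no: the pool is far too small. */
bool pool_fits(size_t alloc, size_t desc_size, size_t desc_count)
{
    size_t need;
    if (!pool_size_checked(desc_size, desc_count, &need))
        return false;
    return alloc >= need;
}

int main(void)
{
    uint32_t wrapped = pool_size_u32(DESC_SIZE_BYTES, DESC_COUNT_HUGE);
    size_t real = pool_size_size_t(DESC_SIZE_BYTES, DESC_COUNT_HUGE);
    printf("u32 size: %u bytes, size_t size: %zu bytes, wrapped pool fits: %s\n",
           wrapped, real, pool_fits(wrapped, DESC_SIZE_BYTES, DESC_COUNT_HUGE) ? "yes" : "no");
    return 0;
}
```

On a 64-bit build the 32-bit computation yields 64 bytes (room for a single descriptor) while the size_t computation yields 4294967360 bytes, which is the gap an undersized allocation would leave.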

Impact

The vulnerability could lead to a memory overflow, potentially allowing arbitrary memory access or manipulation, which could be exploited to cause undefined behavior in the kernel, such as memory corruption or privilege escalation.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.