Linux Kernel Double Increment of Client Count Vulnerability in DMA Engine

Vulnerability

A vulnerability has been identified in the Linux kernel's DMA engine: the 'client_count' for public channels is incorrectly incremented twice in the 'dma_chan_get()' function. This mismanagement of the reference count can lead to a 'use-after-free' condition, as the channel resources may not be released when they should be. The issue was observed on a Dell PowerEdge R7425 server running Linux kernel version 5.14.0-185.el9.x86_64.

Impact

Exploitation of this vulnerability causes a reference count underflow, leading to a use-after-free condition.

Reproduction

The vulnerability can be reproduced by repeatedly loading and unloading the 'async_tx' module on a Dell PowerEdge R7425 server. This process will trigger a 'kref underflow' warning, indicating that the reference count has been improperly managed.
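
The count imbalance described above can be seen in a small user-space model. This is an added example, not kernel source and not code from the original advisory. It models only the extra increment and the resources that are never released, not the later underflow. Every name except 'client_count' and 'dma_chan_get()' is hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified user-space model; not kernel source. Only client_count and
 * dma_chan_get() come from the advisory, all other names are hypothetical. */
struct model_chan {
    int  client_count;   /* references held by clients */
    bool is_public;      /* public (shared) channel rather than private */
    bool resources_held; /* channel resources currently allocated */
};

/* Take a reference. With buggy=true the first get on a public channel
 * counts the caller twice, as the advisory describes. */
static void model_chan_get(struct model_chan *c, bool buggy)
{
    if (c->client_count == 0) {
        c->resources_held = true;      /* first user allocates resources */
        if (buggy && c->is_public)
            c->client_count++;         /* extra increment: the defect */
    }
    c->client_count++;                 /* the one increment that is owed */
}

/* Drop a reference; resources are released only when the count hits zero. */
static void model_chan_put(struct model_chan *c)
{
    if (--c->client_count == 0)
        c->resources_held = false;
}

/* Run `cycles` get/put pairs (a stand-in for module load/unload) and
 * return the final state of the channel. */
static struct model_chan run_cycles(int cycles, bool buggy)
{
    struct model_chan c = { .client_count = 0, .is_public = true,
                            .resources_held = false };
    for (int i = 0; i < cycles; i++) {
        model_chan_get(&c, buggy);
        model_chan_put(&c);
    }
    return c;
}

int main(void)
{
    struct model_chan bad = run_cycles(3, true), ok = run_cycles(3, false);
    printf("buggy: client_count=%d resources_held=%d\n", bad.client_count, bad.resources_held);
    printf("fixed: client_count=%d resources_held=%d\n", ok.client_count, ok.resources_held);
    return 0;
}
```

In the buggy run the count never returns to zero after a balanced get/put pair, so the release path is never taken. A useful regression check for a fix is that a balanced pair leaves the count at zero.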

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.