Linux Kernel Qcom Adm Dmaengine Driver Slave Config Vulnerability Leading to Kernel Panic

A vulnerability in the Linux kernel's Qcom ADM DMA engine driver has been fixed. The issue arose in the slave_config function, which incorrectly compared the peripheral_size with the size of the config pointer instead of the size of the config structure. This mistake caused the crci value to be ignored, leading to a kernel panic on any slave using the ADM driver. The vulnerability affected Linux kernel versions through 5.17.

Impact

The vulnerability caused a kernel panic on any slave using the ADM driver, disrupting system operations and potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced by using a slave that employs the ADM driver and configuring it in a way that the peripheral_size comparison error can be triggered. This will result in the crci value being ignored and cause a kernel panic.

Remediation

Users can upgrade to the latest version of the Linux kernel to address this vulnerability. The fixed version is included in the Linux kernel stable tree.