Linux Kernel Real-Time DMA Channel Byte Counter Overflow Vulnerability

A vulnerability in the Linux kernel's DMA engine for Texas Instruments K3-UDMA can lead to an indefinite hang during data transfers. This issue arises because the UDMA_CHAN_RT byte count registers, which are 32-bit hardware counters, overflow when more than 4GB of data is transferred. The overflow disrupts the completion calculation of the operation, causing the transfer to stall. The vulnerability affects several versions of the Linux kernel.

Impact

The vulnerability can cause data transfers to hang indefinitely, disrupting operations that rely on the DMA channel.

Reproduction

The vulnerability can be reproduced by transferring more than 4GB of data using a DMA channel managed by the TI K3-UDMA driver. Monitor the UDMA_CHAN_RT byte count registers during the transfer to observe the overflow and resulting hang in the operation.

Remediation

The vulnerability has been addressed in the Linux kernel. Users can upgrade to the latest version to apply the fix.