CVE-2022-50721Information Exposure via Error Message in Linux

CWE-209Information Exposure via Error Message7 documents6 sources
Severity
5.1MEDIUM
No vector
EPSS
0.0%
top 93.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 24

Description

In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom-adm: fix wrong calling convention for prep_slave_sg The calling convention for pre_slave_sg is to return NULL on error and provide an error log to the system. Qcom-adm instead provide error pointer when an error occur. This indirectly cause kernel panic for example for the nandc driver that checks only if the pointer returned by device_prep_slave_sg is not NULL. Returning an error pointer makes nandc think the

Affected Packages4 packages

Linuxlinux/linux_kernel5.11.05.19.17+1
Debianlinux/linux_kernel< 6.0.3-1+2
CVEListV5linux/linux5c9f8c2dbdbe53818bcde6aa6695e1331e5f841f5653bd0200944e5803fa8e32dc36aa49931312f9+3
debiandebian/linux< linux 6.0.3-1 (bookworm)

🔴Vulnerability Details

3
GHSA
GHSA-9gcm-5rwh-p2jv: In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom-adm: fix wrong calling convention for prep_slave_sg The calling2025-12-24
OSV
dmaengine: qcom-adm: fix wrong calling convention for prep_slave_sg2025-12-24
OSV
CVE-2022-50721: In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom-adm: fix wrong calling convention for prep_slave_sg The calling co2025-12-24

📋Vendor Advisories

2
Red Hat
kernel: dmaengine: qcom-adm: fix wrong calling convention for prep_slave_sg2025-12-24
Debian
CVE-2022-50721: linux - In the Linux kernel, the following vulnerability has been resolved: dmaengine: ...2022

🕵️Threat Intelligence

1
Wiz
CVE-2022-50721 Impact, Exploitability, and Mitigation Steps | Wiz