ghsa-gqc7-5rv7-5pv6
Vulnerability from github
In the Linux kernel, the following vulnerability has been resolved:
mmc: jz4740: Apply DMA engine limits to maximum segment size
Do what is done in other DMA-enabled MMC host drivers (cf. host/mmci.c) and limit the maximum segment size based on the DMA engine's capabilities. This is needed to avoid warnings like the following with CONFIG_DMA_API_DEBUG=y.
------------[ cut here ]------------ WARNING: CPU: 0 PID: 21 at kernel/dma/debug.c:1162 debug_dma_map_sg+0x2f4/0x39c DMA-API: jz4780-dma 13420000.dma-controller: mapping sg segment longer than device claims to support [len=98304] [max=65536] CPU: 0 PID: 21 Comm: kworker/0:1H Not tainted 5.18.0-rc1 #19 Workqueue: kblockd blk_mq_run_work_fn Stack : 81575aec 00000004 80620000 80620000 80620000 805e7358 00000009 801537ac 814c832c 806276e3 806e34b4 80620000 81575aec 00000001 81575ab8 09291444 00000000 00000000 805e7358 81575958 ffffffea 8157596c 00000000 636f6c62 6220646b 80387a70 0000000f 6d5f6b6c 80620000 00000000 81575ba4 00000009 805e170c 80896640 00000001 00010000 00000000 00000000 00006098 806e0000 ... Call Trace: [<80107670>] show_stack+0x84/0x120 [<80528cd8>] __warn+0xb8/0xec [<80528d78>] warn_slowpath_fmt+0x6c/0xb8 [<8016f1d4>] debug_dma_map_sg+0x2f4/0x39c [<80169d4c>] __dma_map_sg_attrs+0xf0/0x118 [<8016a27c>] dma_map_sg_attrs+0x14/0x28 [<804f66b4>] jz4740_mmc_prepare_dma_data+0x74/0xa4 [<804f6714>] jz4740_mmc_pre_request+0x30/0x54 [<804f4ff4>] mmc_blk_mq_issue_rq+0x6e0/0x7bc [<804f5590>] mmc_mq_queue_rq+0x220/0x2d4 [<8038b2c0>] blk_mq_dispatch_rq_list+0x480/0x664 [<80391040>] blk_mq_do_dispatch_sched+0x2dc/0x370 [<80391468>] __blk_mq_sched_dispatch_requests+0xec/0x164 [<80391540>] blk_mq_sched_dispatch_requests+0x44/0x94 [<80387900>] __blk_mq_run_hw_queue+0xb0/0xcc [<80134c14>] process_one_work+0x1b8/0x264 [<80134ff8>] worker_thread+0x2ec/0x3b8 [<8013b13c>] kthread+0x104/0x10c [<80101dcc>] ret_from_kernel_thread+0x14/0x1c
---[ end trace 0000000000000000 ]---
{
"affected": [],
"aliases": [
"CVE-2022-49522"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:01:28Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: jz4740: Apply DMA engine limits to maximum segment size\n\nDo what is done in other DMA-enabled MMC host drivers (cf. host/mmci.c) and\nlimit the maximum segment size based on the DMA engine\u0027s capabilities. This\nis needed to avoid warnings like the following with CONFIG_DMA_API_DEBUG=y.\n\n------------[ cut here ]------------\nWARNING: CPU: 0 PID: 21 at kernel/dma/debug.c:1162 debug_dma_map_sg+0x2f4/0x39c\nDMA-API: jz4780-dma 13420000.dma-controller: mapping sg segment longer than device claims to support [len=98304] [max=65536]\nCPU: 0 PID: 21 Comm: kworker/0:1H Not tainted 5.18.0-rc1 #19\nWorkqueue: kblockd blk_mq_run_work_fn\nStack : 81575aec 00000004 80620000 80620000 80620000 805e7358 00000009 801537ac\n 814c832c 806276e3 806e34b4 80620000 81575aec 00000001 81575ab8 09291444\n 00000000 00000000 805e7358 81575958 ffffffea 8157596c 00000000 636f6c62\n 6220646b 80387a70 0000000f 6d5f6b6c 80620000 00000000 81575ba4 00000009\n 805e170c 80896640 00000001 00010000 00000000 00000000 00006098 806e0000\n ...\nCall Trace:\n[\u003c80107670\u003e] show_stack+0x84/0x120\n[\u003c80528cd8\u003e] __warn+0xb8/0xec\n[\u003c80528d78\u003e] warn_slowpath_fmt+0x6c/0xb8\n[\u003c8016f1d4\u003e] debug_dma_map_sg+0x2f4/0x39c\n[\u003c80169d4c\u003e] __dma_map_sg_attrs+0xf0/0x118\n[\u003c8016a27c\u003e] dma_map_sg_attrs+0x14/0x28\n[\u003c804f66b4\u003e] jz4740_mmc_prepare_dma_data+0x74/0xa4\n[\u003c804f6714\u003e] jz4740_mmc_pre_request+0x30/0x54\n[\u003c804f4ff4\u003e] mmc_blk_mq_issue_rq+0x6e0/0x7bc\n[\u003c804f5590\u003e] mmc_mq_queue_rq+0x220/0x2d4\n[\u003c8038b2c0\u003e] blk_mq_dispatch_rq_list+0x480/0x664\n[\u003c80391040\u003e] blk_mq_do_dispatch_sched+0x2dc/0x370\n[\u003c80391468\u003e] __blk_mq_sched_dispatch_requests+0xec/0x164\n[\u003c80391540\u003e] blk_mq_sched_dispatch_requests+0x44/0x94\n[\u003c80387900\u003e] __blk_mq_run_hw_queue+0xb0/0xcc\n[\u003c80134c14\u003e] process_one_work+0x1b8/0x264\n[\u003c80134ff8\u003e] worker_thread+0x2ec/0x3b8\n[\u003c8013b13c\u003e] kthread+0x104/0x10c\n[\u003c80101dcc\u003e] ret_from_kernel_thread+0x14/0x1c\n\n---[ end trace 0000000000000000 ]---",
"id": "GHSA-gqc7-5rv7-5pv6",
"modified": "2025-10-21T12:31:26Z",
"published": "2025-10-21T12:31:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49522"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/353298cadbd4c7d8e8a16d6000066414694933c3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7923f95997a79cef2ad161a2facae64c25a0bca0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/807f90f1960a59dc557542b818c484a8db9ac978"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/90281cadf5077f2d2bec8b08c2ead1f8cd12660e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a828920b9ec0d89d3011198d482b7fe224d2de19"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/afadb04f1d6e74b18a253403f5274cde5e3fd7bd"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.