{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-49522", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-02-26T02:08:31.588Z", "datePublished": "2025-02-26T02:13:47.278Z", "dateUpdated": "2025-05-04T08:39:43.953Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T08:39:43.953Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: jz4740: Apply DMA engine limits to maximum segment size\n\nDo what is done in other DMA-enabled MMC host drivers (cf. host/mmci.c) and\nlimit the maximum segment size based on the DMA engine's capabilities. This\nis needed to avoid warnings like the following with CONFIG_DMA_API_DEBUG=y.\n\n------------[ cut here ]------------\nWARNING: CPU: 0 PID: 21 at kernel/dma/debug.c:1162 debug_dma_map_sg+0x2f4/0x39c\nDMA-API: jz4780-dma 13420000.dma-controller: mapping sg segment longer than device claims to support [len=98304] [max=65536]\nCPU: 0 PID: 21 Comm: kworker/0:1H Not tainted 5.18.0-rc1 #19\nWorkqueue: kblockd blk_mq_run_work_fn\nStack : 81575aec 00000004 80620000 80620000 80620000 805e7358 00000009 801537ac\n 814c832c 806276e3 806e34b4 80620000 81575aec 00000001 81575ab8 09291444\n 00000000 00000000 805e7358 81575958 ffffffea 8157596c 00000000 636f6c62\n 6220646b 80387a70 0000000f 6d5f6b6c 80620000 00000000 81575ba4 00000009\n 805e170c 80896640 00000001 00010000 00000000 00000000 00006098 806e0000\n ...\nCall Trace:\n[<80107670>] show_stack+0x84/0x120\n[<80528cd8>] __warn+0xb8/0xec\n[<80528d78>] warn_slowpath_fmt+0x6c/0xb8\n[<8016f1d4>] debug_dma_map_sg+0x2f4/0x39c\n[<80169d4c>] __dma_map_sg_attrs+0xf0/0x118\n[<8016a27c>] dma_map_sg_attrs+0x14/0x28\n[<804f66b4>] jz4740_mmc_prepare_dma_data+0x74/0xa4\n[<804f6714>] jz4740_mmc_pre_request+0x30/0x54\n[<804f4ff4>] mmc_blk_mq_issue_rq+0x6e0/0x7bc\n[<804f5590>] mmc_mq_queue_rq+0x220/0x2d4\n[<8038b2c0>] blk_mq_dispatch_rq_list+0x480/0x664\n[<80391040>] blk_mq_do_dispatch_sched+0x2dc/0x370\n[<80391468>] __blk_mq_sched_dispatch_requests+0xec/0x164\n[<80391540>] blk_mq_sched_dispatch_requests+0x44/0x94\n[<80387900>] __blk_mq_run_hw_queue+0xb0/0xcc\n[<80134c14>] process_one_work+0x1b8/0x264\n[<80134ff8>] worker_thread+0x2ec/0x3b8\n[<8013b13c>] kthread+0x104/0x10c\n[<80101dcc>] ret_from_kernel_thread+0x14/0x1c\n\n---[ end trace 0000000000000000 ]---"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/mmc/host/jz4740_mmc.c"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "7923f95997a79cef2ad161a2facae64c25a0bca0", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "90281cadf5077f2d2bec8b08c2ead1f8cd12660e", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "353298cadbd4c7d8e8a16d6000066414694933c3", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "807f90f1960a59dc557542b818c484a8db9ac978", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "a828920b9ec0d89d3011198d482b7fe224d2de19", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "afadb04f1d6e74b18a253403f5274cde5e3fd7bd", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/mmc/host/jz4740_mmc.c"], "versions": [{"version": "5.4.198", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.121", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.46", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.17.14", "lessThanOrEqual": "5.17.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.18.3", "lessThanOrEqual": "5.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.4.198"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.10.121"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.15.46"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.17.14"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.18.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/7923f95997a79cef2ad161a2facae64c25a0bca0"}, {"url": "https://git.kernel.org/stable/c/90281cadf5077f2d2bec8b08c2ead1f8cd12660e"}, {"url": "https://git.kernel.org/stable/c/353298cadbd4c7d8e8a16d6000066414694933c3"}, {"url": "https://git.kernel.org/stable/c/807f90f1960a59dc557542b818c484a8db9ac978"}, {"url": "https://git.kernel.org/stable/c/a828920b9ec0d89d3011198d482b7fe224d2de19"}, {"url": "https://git.kernel.org/stable/c/afadb04f1d6e74b18a253403f5274cde5e3fd7bd"}], "title": "mmc: jz4740: Apply DMA engine limits to maximum segment size", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: jz4740: Apply DMA engine limits to maximum segment size\n\nDo what is done in other DMA-enabled MMC host drivers (cf. host/mmci.c) and\nlimit the maximum segment size based on the DMA engine's capabilities. This\nis needed to avoid warnings like the following with CONFIG_DMA_API_DEBUG=y.\n\n------------[ cut here ]------------\nWARNING: CPU: 0 PID: 21 at kernel/dma/debug.c:1162 debug_dma_map_sg+0x2f4/0x39c\nDMA-API: jz4780-dma 13420000.dma-controller: mapping sg segment longer than device claims to support [len=98304] [max=65536]\nCPU: 0 PID: 21 Comm: kworker/0:1H Not tainted 5.18.0-rc1 #19\nWorkqueue: kblockd blk_mq_run_work_fn\nStack : 81575aec 00000004 80620000 80620000 80620000 805e7358 00000009 801537ac\n 814c832c 806276e3 806e34b4 80620000 81575aec 00000001 81575ab8 09291444\n 00000000 00000000 805e7358 81575958 ffffffea 8157596c 00000000 636f6c62\n 6220646b 80387a70 0000000f 6d5f6b6c 80620000 00000000 81575ba4 00000009\n 805e170c 80896640 00000001 00010000 00000000 00000000 00006098 806e0000\n ...\nCall Trace:\n[<80107670>] show_stack+0x84/0x120\n[<80528cd8>] __warn+0xb8/0xec\n[<80528d78>] warn_slowpath_fmt+0x6c/0xb8\n[<8016f1d4>] debug_dma_map_sg+0x2f4/0x39c\n[<80169d4c>] __dma_map_sg_attrs+0xf0/0x118\n[<8016a27c>] dma_map_sg_attrs+0x14/0x28\n[<804f66b4>] jz4740_mmc_prepare_dma_data+0x74/0xa4\n[<804f6714>] jz4740_mmc_pre_request+0x30/0x54\n[<804f4ff4>] mmc_blk_mq_issue_rq+0x6e0/0x7bc\n[<804f5590>] mmc_mq_queue_rq+0x220/0x2d4\n[<8038b2c0>] blk_mq_dispatch_rq_list+0x480/0x664\n[<80391040>] blk_mq_do_dispatch_sched+0x2dc/0x370\n[<80391468>] __blk_mq_sched_dispatch_requests+0xec/0x164\n[<80391540>] blk_mq_sched_dispatch_requests+0x44/0x94\n[<80387900>] __blk_mq_run_hw_queue+0xb0/0xcc\n[<80134c14>] process_one_work+0x1b8/0x264\n[<80134ff8>] worker_thread+0x2ec/0x3b8\n[<8013b13c>] kthread+0x104/0x10c\n[<80101dcc>] ret_from_kernel_thread+0x14/0x1c\n\n---[ end trace 0000000000000000 ]---"}], "id": "CVE-2022-49522", "lastModified": "2025-02-26T07:01:28.210", "metrics": {}, "published": "2025-02-26T07:01:28.210", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/353298cadbd4c7d8e8a16d6000066414694933c3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7923f95997a79cef2ad161a2facae64c25a0bca0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/807f90f1960a59dc557542b818c484a8db9ac978"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/90281cadf5077f2d2bec8b08c2ead1f8cd12660e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a828920b9ec0d89d3011198d482b7fe224d2de19"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/afadb04f1d6e74b18a253403f5274cde5e3fd7bd"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{"bugzilla": {"description": "kernel: mmc: jz4740: Apply DMA engine limits to maximum segment size", "id": "2347831", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347831"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nmmc: jz4740: Apply DMA engine limits to maximum segment size\nDo what is done in other DMA-enabled MMC host drivers (cf. host/mmci.c) and\nlimit the maximum segment size based on the DMA engine's capabilities. This\nis needed to avoid warnings like the following with CONFIG_DMA_API_DEBUG=y.\n------------[ cut here ]------------\nWARNING: CPU: 0 PID: 21 at kernel/dma/debug.c:1162 debug_dma_map_sg+0x2f4/0x39c\nDMA-API: jz4780-dma 13420000.dma-controller: mapping sg segment longer than device claims to support [len=98304] [max=65536]\nCPU: 0 PID: 21 Comm: kworker/0:1H Not tainted 5.18.0-rc1 #19\nWorkqueue: kblockd blk_mq_run_work_fn\nStack : 81575aec 00000004 80620000 80620000 80620000 805e7358 00000009 801537ac\n814c832c 806276e3 806e34b4 80620000 81575aec 00000001 81575ab8 09291444\n00000000 00000000 805e7358 81575958 ffffffea 8157596c 00000000 636f6c62\n6220646b 80387a70 0000000f 6d5f6b6c 80620000 00000000 81575ba4 00000009\n805e170c 80896640 00000001 00010000 00000000 00000000 00006098 806e0000\n...\nCall Trace:\n[<80107670>] show_stack+0x84/0x120\n[<80528cd8>] __warn+0xb8/0xec\n[<80528d78>] warn_slowpath_fmt+0x6c/0xb8\n[<8016f1d4>] debug_dma_map_sg+0x2f4/0x39c\n[<80169d4c>] __dma_map_sg_attrs+0xf0/0x118\n[<8016a27c>] dma_map_sg_attrs+0x14/0x28\n[<804f66b4>] jz4740_mmc_prepare_dma_data+0x74/0xa4\n[<804f6714>] jz4740_mmc_pre_request+0x30/0x54\n[<804f4ff4>] mmc_blk_mq_issue_rq+0x6e0/0x7bc\n[<804f5590>] mmc_mq_queue_rq+0x220/0x2d4\n[<8038b2c0>] blk_mq_dispatch_rq_list+0x480/0x664\n[<80391040>] blk_mq_do_dispatch_sched+0x2dc/0x370\n[<80391468>] __blk_mq_sched_dispatch_requests+0xec/0x164\n[<80391540>] blk_mq_sched_dispatch_requests+0x44/0x94\n[<80387900>] __blk_mq_run_hw_queue+0xb0/0xcc\n[<80134c14>] process_one_work+0x1b8/0x264\n[<80134ff8>] worker_thread+0x2ec/0x3b8\n[<8013b13c>] kthread+0x104/0x10c\n[<80101dcc>] ret_from_kernel_thread+0x14/0x1c\n---[ end trace 0000000000000000 ]---"], "name": "CVE-2022-49522", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-02-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-49522\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49522\nhttps://lore.kernel.org/linux-cve-announce/2025022611-CVE-2022-49522-ced4@gregkh/T"], "threat_severity": "Low"}