Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2022-48761

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
20/06/2024
Last modified:
29/09/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> usb: xhci-plat: fix crash when suspend if remote wake enable<br /> <br /> Crashed at i.mx8qm platform when suspend if enable remote wakeup<br /> <br /> Internal error: synchronous external abort: 96000210 [#1] PREEMPT SMP<br /> Modules linked in:<br /> CPU: 2 PID: 244 Comm: kworker/u12:6 Not tainted 5.15.5-dirty #12<br /> Hardware name: Freescale i.MX8QM MEK (DT)<br /> Workqueue: events_unbound async_run_entry_fn<br /> pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)<br /> pc : xhci_disable_hub_port_wake.isra.62+0x60/0xf8<br /> lr : xhci_disable_hub_port_wake.isra.62+0x34/0xf8<br /> sp : ffff80001394bbf0<br /> x29: ffff80001394bbf0 x28: 0000000000000000 x27: ffff00081193b578<br /> x26: ffff00081193b570 x25: 0000000000000000 x24: 0000000000000000<br /> x23: ffff00081193a29c x22: 0000000000020001 x21: 0000000000000001<br /> x20: 0000000000000000 x19: ffff800014e90490 x18: 0000000000000000<br /> x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000<br /> x14: 0000000000000000 x13: 0000000000000002 x12: 0000000000000000<br /> x11: 0000000000000000 x10: 0000000000000960 x9 : ffff80001394baa0<br /> x8 : ffff0008145d1780 x7 : ffff0008f95b8e80 x6 : 000000001853b453<br /> x5 : 0000000000000496 x4 : 0000000000000000 x3 : ffff00081193a29c<br /> x2 : 0000000000000001 x1 : 0000000000000000 x0 : ffff000814591620<br /> Call trace:<br /> xhci_disable_hub_port_wake.isra.62+0x60/0xf8<br /> xhci_suspend+0x58/0x510<br /> xhci_plat_suspend+0x50/0x78<br /> platform_pm_suspend+0x2c/0x78<br /> dpm_run_callback.isra.25+0x50/0xe8<br /> __device_suspend+0x108/0x3c0<br /> <br /> The basic flow:<br /> 1. run time suspend call xhci_suspend, xhci parent devices gate the clock.<br /> 2. echo mem &gt;/sys/power/state, system _device_suspend call xhci_suspend<br /> 3. xhci_suspend call xhci_disable_hub_port_wake, which access register,<br /> but clock already gated by run time suspend.<br /> <br /> This problem was hidden by power domain driver, which call run time resume before it.<br /> <br /> But the below commit remove it and make this issue happen.<br /> commit c1df456d0f06e ("PM: domains: Don&amp;#39;t runtime resume devices at genpd_prepare()")<br /> <br /> This patch call run time resume before suspend to make sure clock is on<br /> before access register.<br /> <br /> Testeb-by: Abel Vesa

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS v3.1 Severity and Metrics:

Base Score: 5.30 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low

Base Score 3.x
5.30
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.10.96 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.15.19 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 5.16.5 (excluding)
cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools