CVE-2022-48761

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-48761
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48761.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-48761
Related
Published
2024-06-20T12:15:14Z
Modified
2025-01-14T11:18:39.623163Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

usb: xhci-plat: fix crash when suspend if remote wake enable

Crashed at i.mx8qm platform when suspend if enable remote wakeup

Internal error: synchronous external abort: 96000210 [#1] PREEMPT SMP Modules linked in: CPU: 2 PID: 244 Comm: kworker/u12:6 Not tainted 5.15.5-dirty #12 Hardware name: Freescale i.MX8QM MEK (DT) Workqueue: eventsunbound asyncrunentryfn pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : xhcidisablehubportwake.isra.62+0x60/0xf8 lr : xhcidisablehubportwake.isra.62+0x34/0xf8 sp : ffff80001394bbf0 x29: ffff80001394bbf0 x28: 0000000000000000 x27: ffff00081193b578 x26: ffff00081193b570 x25: 0000000000000000 x24: 0000000000000000 x23: ffff00081193a29c x22: 0000000000020001 x21: 0000000000000001 x20: 0000000000000000 x19: ffff800014e90490 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 x14: 0000000000000000 x13: 0000000000000002 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000000960 x9 : ffff80001394baa0 x8 : ffff0008145d1780 x7 : ffff0008f95b8e80 x6 : 000000001853b453 x5 : 0000000000000496 x4 : 0000000000000000 x3 : ffff00081193a29c x2 : 0000000000000001 x1 : 0000000000000000 x0 : ffff000814591620 Call trace: xhcidisablehubportwake.isra.62+0x60/0xf8 xhcisuspend+0x58/0x510 xhciplatsuspend+0x50/0x78 platformpmsuspend+0x2c/0x78 dpmruncallback.isra.25+0x50/0xe8 _device_suspend+0x108/0x3c0

The basic flow: 1. run time suspend call xhcisuspend, xhci parent devices gate the clock. 2. echo mem >/sys/power/state, system _devicesuspend call xhcisuspend 3. xhcisuspend call xhcidisablehubportwake, which access register, but clock already gated by run time suspend.

This problem was hidden by power domain driver, which call run time resume before it.

But the below commit remove it and make this issue happen. commit c1df456d0f06e ("PM: domains: Don't runtime resume devices at genpd_prepare()")

This patch call run time resume before suspend to make sure clock is on before access register.

Testeb-by: Abel Vesa abel.vesa@nxp.com

References

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.103-1

Affected versions

5.*

5.10.46-4
5.10.46-5
5.10.70-1~bpo10+1
5.10.70-1
5.10.84-1
5.10.92-1~bpo10+1
5.10.92-1
5.10.92-2
5.10.103-1~bpo10+1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.16.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.16.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}