CVE-2022-49613

MEDIUM EPSS 14.9%
Published Feb 26, 20251y ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Feb 26, 2025 1y ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: serial: 8250: Fix PM usage_count for console handover When console is enabled, univ8250_console_setup() calls serial8250_console_setup() before .dev is set to uart_port. Therefore, it will not call pm_runtime_get_sync(). Later, when the actual driver is going to take over univ8250_console_exit() is called. As .dev is already set, serial8250_console_exit() makes pm_runtime_put_sync() call with usage count being zero triggering PM usage count warning (extra debug for univ8250_console_setup(), univ8250_console_exit(), and serial8250_register_ports()): [ 0.068987] univ8250_console_setup ttyS0 nodev [ 0.499670] printk: console [ttyS0] enabled [ 0.717955] printk: console [ttyS0] printing thread started [ 1.960163] serial8250_register_ports assigned dev for ttyS0 [ 1.976830] printk: console [ttyS0] disabled [ 1.976888] printk: console [ttyS0] printing thread stopped [ 1.977073] univ8250_console_exit ttyS0 usage:0 [ 1.977075] serial8250 serial8250: Runtime PM usage count underflow! [ 1.977429] dw-apb-uart.6: ttyS0 at MMIO 0x4010006000 (irq = 33, base_baud = 115200) is a 16550A [ 1.977812] univ8250_console_setup ttyS0 usage:2 [ 1.978167] printk: console [ttyS0] printing thread started [ 1.978203] printk: console [ttyS0] enabled To fix the issue, call pm_runtime_get_sync() in serial8250_register_ports() as soon as .dev is set for an uart_port if it has console enabled. This problem became apparent only recently because 82586a721595 ("PM: runtime: Avoid device usage count underflows") added the warning printout. I confirmed this problem also occurs with v5.18 (w/o the warning printout, obviously).

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
14.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 9

VendorProductVersionRange
linuxlinux_kernel*≥5.7  –  <5.10.132
linuxlinux_kernel*≥5.11  –  <5.15.56
linuxlinux_kernel*≥5.16  –  <5.18.13
linuxlinux_kernel5.19any
linuxlinux_kernel5.19any
linuxlinux_kernel5.19any
linuxlinux_kernel5.19any
linuxlinux_kernel5.19any
linuxlinux_kernel5.19any

References 4

  • git.kernel.org https://git.kernel.org/stable/c/190ce5cdc55d1b66ea582ac2be6fd5a72e3cc486
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5df66302f03f87ae8953785a882d78e911f00c55
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d9cb6fabc90102f9e61fe35bd0160db88f4f53b4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f9b11229b79c0fb2100b5bb4628a101b1d37fbf6
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/190ce5cdc55d1b66ea582ac2be6fd5a72e3cc486
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5df66302f03f87ae8953785a882d78e911f00c55
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d9cb6fabc90102f9e61fe35bd0160db88f4f53b4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f9b11229b79c0fb2100b5bb4628a101b1d37fbf6
    Patch