CVE-2022-48761

{"id": "CVE-2022-48761", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.8}]}, "published": "2024-06-20T12:15:14.203", "references": [{"url": "https://git.kernel.org/stable/c/20c51a4c52208f98e27308c456a1951778f41fa5", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/8b05ad29acb972850ad795fa850e814b2e758b83", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/9df478463d9feb90dae24f183383961cf123a0ec", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/d5755832a1e47f5d8773f0776e211ecd4e02da72", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/20c51a4c52208f98e27308c456a1951778f41fa5", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/8b05ad29acb972850ad795fa850e814b2e758b83", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/9df478463d9feb90dae24f183383961cf123a0ec", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/d5755832a1e47f5d8773f0776e211ecd4e02da72", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci-plat: fix crash when suspend if remote wake enable\n\nCrashed at i.mx8qm platform when suspend if enable remote wakeup\n\nInternal error: synchronous external abort: 96000210 [#1] PREEMPT SMP\nModules linked in:\nCPU: 2 PID: 244 Comm: kworker/u12:6 Not tainted 5.15.5-dirty #12\nHardware name: Freescale i.MX8QM MEK (DT)\nWorkqueue: events_unbound async_run_entry_fn\npstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : xhci_disable_hub_port_wake.isra.62+0x60/0xf8\nlr : xhci_disable_hub_port_wake.isra.62+0x34/0xf8\nsp : ffff80001394bbf0\nx29: ffff80001394bbf0 x28: 0000000000000000 x27: ffff00081193b578\nx26: ffff00081193b570 x25: 0000000000000000 x24: 0000000000000000\nx23: ffff00081193a29c x22: 0000000000020001 x21: 0000000000000001\nx20: 0000000000000000 x19: ffff800014e90490 x18: 0000000000000000\nx17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\nx14: 0000000000000000 x13: 0000000000000002 x12: 0000000000000000\nx11: 0000000000000000 x10: 0000000000000960 x9 : ffff80001394baa0\nx8 : ffff0008145d1780 x7 : ffff0008f95b8e80 x6 : 000000001853b453\nx5 : 0000000000000496 x4 : 0000000000000000 x3 : ffff00081193a29c\nx2 : 0000000000000001 x1 : 0000000000000000 x0 : ffff000814591620\nCall trace:\n xhci_disable_hub_port_wake.isra.62+0x60/0xf8\n xhci_suspend+0x58/0x510\n xhci_plat_suspend+0x50/0x78\n platform_pm_suspend+0x2c/0x78\n dpm_run_callback.isra.25+0x50/0xe8\n __device_suspend+0x108/0x3c0\n\nThe basic flow:\n\t1. run time suspend call xhci_suspend, xhci parent devices gate the clock.\n 2. echo mem >/sys/power/state, system _device_suspend call xhci_suspend\n 3. xhci_suspend call xhci_disable_hub_port_wake, which access register,\n\t but clock already gated by run time suspend.\n\nThis problem was hidden by power domain driver, which call run time resume before it.\n\nBut the below commit remove it and make this issue happen.\n\tcommit c1df456d0f06e (\"PM: domains: Don't runtime resume devices at genpd_prepare()\")\n\nThis patch call run time resume before suspend to make sure clock is on\nbefore access register.\n\nTesteb-by: Abel Vesa <abel.vesa@nxp.com>"}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: usb: xhci-plat: corrige el bloqueo al suspender si se habilita la activaci\u00f3n remota. Fall\u00f3 en la plataforma i.mx8qm al suspender si se habilita la activaci\u00f3n remota. Error interno: aborto externo sincr\u00f3nico: 96000210 [#1] PREEMPT M\u00f3dulos SMP vinculados en: CPU: 2 PID: 244 Comm: kworker/u12:6 Not tainted 5.15.5-dirty #12 Nombre del hardware: Freescale i.MX8QM MEK (DT) Cola de trabajo: events_unbound async_run_entry_fn pstate: 600000c5 (nZCv daIF - PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc: xhci_disable_hub_port_wake.isra.62+0x60/0xf8 lr: xhci_disable_hub_port_wake.isra.62+0x34/0xf8 sp: ffff80001394bbf0 x29: ffff80001394bbf0 x28: 0000000000000000 x27: ffff00081193b578 x26: ffff00081193b570 x25: 0000000000000000 x24: 0000000000000000 x23: ffff00081193a29c x22: 0000000000020001 x21: 0000000000000001 x20: 0000000000000000 x19: ffff800014e90490 x18: 000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 x14: 0000000000000000 x13: 0000000000000002 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000000960 x9 : ffff80001394baa0 x8 : ffff0008145d1780 x7 : ffff0008f95b8e80 x6 : 000000001853b453 x5 : 0000000000000496 x4 : 0000000000000000 x3 : ffff000811 93a29c x2: 0000000000000001 x1: 0000000000000000 x0: ffff000814591620 Rastreo de llamadas: xhci_disable_hub_port_wake.isra.62+0x60/0xf8 xhci_suspend+0x58/0x510 0x50/ 0x78 platform_pm_suspend+0x2c/0x78 dpm_run_callback.isra.25+0x50/0xe8 __device_suspend+0x108/0x3c0 El flujo b\u00e1sico: 1. llamada de suspensi\u00f3n en tiempo de ejecuci\u00f3n xhci_suspend, los dispositivos principales xhci controlan el reloj. 2. echo mem &gt;/sys/power/state, system _device_suspend llama a xhci_suspend 3. xhci_suspend llama a xhci_disable_hub_port_wake, que accede al registro, pero el reloj ya est\u00e1 cerrado por la suspensi\u00f3n del tiempo de ejecuci\u00f3n. Este problema fue ocultado por el controlador de dominio de energ\u00eda, que solicita la reanudaci\u00f3n del tiempo de ejecuci\u00f3n antes. Pero el siguiente compromiso lo elimina y hace que este problema suceda. commit c1df456d0f06e (\"PM: dominios: no reanudar el tiempo de ejecuci\u00f3n de los dispositivos en genpd_prepare()\") Este parche llama al tiempo de ejecuci\u00f3n para reanudar antes de la suspensi\u00f3n para asegurarse de que el reloj est\u00e9 encendido antes del registro de acceso. Testeb-by: Abel Vesa "}], "lastModified": "2025-09-29T17:21:31.690", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0E7DB9A-BB54-44D1-AE8D-0293E78BCF8B", "versionEndExcluding": "5.10.96"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF69DD7C-FD57-4914-ABB0-FAEF87B0289D", "versionEndExcluding": "5.15.19", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1AD9E77E-B27E-450C-8FD8-B64EC5FB002D", "versionEndExcluding": "5.16.5", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7BD5F8D9-54FA-4CB0-B4F0-CB0471FDDB2D"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}