lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <2025022614-CVE-2022-49613-32fa@gregkh>
Date: Wed, 26 Feb 2025 03:22:56 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2022-49613: serial: 8250: Fix PM usage_count for console handover

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

serial: 8250: Fix PM usage_count for console handover

When console is enabled, univ8250_console_setup() calls
serial8250_console_setup() before .dev is set to uart_port. Therefore,
it will not call pm_runtime_get_sync(). Later, when the actual driver
is going to take over univ8250_console_exit() is called. As .dev is
already set, serial8250_console_exit() makes pm_runtime_put_sync() call
with usage count being zero triggering PM usage count warning
(extra debug for univ8250_console_setup(), univ8250_console_exit(), and
serial8250_register_ports()):

[    0.068987] univ8250_console_setup ttyS0 nodev
[    0.499670] printk: console [ttyS0] enabled
[    0.717955] printk: console [ttyS0] printing thread started
[    1.960163] serial8250_register_ports assigned dev for ttyS0
[    1.976830] printk: console [ttyS0] disabled
[    1.976888] printk: console [ttyS0] printing thread stopped
[    1.977073] univ8250_console_exit ttyS0 usage:0
[    1.977075] serial8250 serial8250: Runtime PM usage count underflow!
[    1.977429] dw-apb-uart.6: ttyS0 at MMIO 0x4010006000 (irq = 33, base_baud = 115200) is a 16550A
[    1.977812] univ8250_console_setup ttyS0 usage:2
[    1.978167] printk: console [ttyS0] printing thread started
[    1.978203] printk: console [ttyS0] enabled

To fix the issue, call pm_runtime_get_sync() in
serial8250_register_ports() as soon as .dev is set for an uart_port
if it has console enabled.

This problem became apparent only recently because 82586a721595 ("PM:
runtime: Avoid device usage count underflows") added the warning
printout. I confirmed this problem also occurs with v5.18 (w/o the
warning printout, obviously).

The Linux kernel CVE team has assigned CVE-2022-49613 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 5.7 with commit bedb404e91bb2908d9921fc736a518a9d89525fc and fixed in 5.10.132 with commit d9cb6fabc90102f9e61fe35bd0160db88f4f53b4
	Issue introduced in 5.7 with commit bedb404e91bb2908d9921fc736a518a9d89525fc and fixed in 5.15.56 with commit 190ce5cdc55d1b66ea582ac2be6fd5a72e3cc486
	Issue introduced in 5.7 with commit bedb404e91bb2908d9921fc736a518a9d89525fc and fixed in 5.18.13 with commit 5df66302f03f87ae8953785a882d78e911f00c55
	Issue introduced in 5.7 with commit bedb404e91bb2908d9921fc736a518a9d89525fc and fixed in 5.19 with commit f9b11229b79c0fb2100b5bb4628a101b1d37fbf6

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2022-49613
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	drivers/tty/serial/8250/8250_core.c
	drivers/tty/serial/serial_core.c
	include/linux/serial_core.h


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/d9cb6fabc90102f9e61fe35bd0160db88f4f53b4
	https://git.kernel.org/stable/c/190ce5cdc55d1b66ea582ac2be6fd5a72e3cc486
	https://git.kernel.org/stable/c/5df66302f03f87ae8953785a882d78e911f00c55
	https://git.kernel.org/stable/c/f9b11229b79c0fb2100b5bb4628a101b1d37fbf6

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ