CVE-2022-48761: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: usb: xhci-plat: fix crash when suspend if remote wake enable Crashed at i.mx8qm platform when suspend if enable remote wakeup Internal error: synchronous external abort: 96000210 [#1] PREEMPT SMP Modules linked in: CPU: 2 PID: 244 Comm: kworker/u12:6 Not tainted 5.15.5-dirty #12 Hardware name: Freescale i.MX8QM MEK (DT) Workqueue: events_unbound async_run_entry_fn pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : xhci_disable_hub_port_wake.isra.62+0x60/0xf8 lr : xhci_disable_hub_port_wake.isra.62+0x34/0xf8 sp : ffff80001394bbf0 x29: ffff80001394bbf0 x28: 0000000000000000 x27: ffff00081193b578 x26: ffff00081193b570 x25: 0000000000000000 x24: 0000000000000000 x23: ffff00081193a29c x22: 0000000000020001 x21: 0000000000000001 x20: 0000000000000000 x19: ffff800014e90490 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 x14: 0000000000000000 x13: 0000000000000002 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000000960 x9 : ffff80001394baa0 x8 : ffff0008145d1780 x7 : ffff0008f95b8e80 x6 : 000000001853b453 x5 : 0000000000000496 x4 : 0000000000000000 x3 : ffff00081193a29c x2 : 0000000000000001 x1 : 0000000000000000 x0 : ffff000814591620 Call trace: xhci_disable_hub_port_wake.isra.62+0x60/0xf8 xhci_suspend+0x58/0x510 xhci_plat_suspend+0x50/0x78 platform_pm_suspend+0x2c/0x78 dpm_run_callback.isra.25+0x50/0xe8 __device_suspend+0x108/0x3c0 The basic flow: 1. run time suspend call xhci_suspend, xhci parent devices gate the clock. 2. echo mem >/sys/power/state, system _device_suspend call xhci_suspend 3. xhci_suspend call xhci_disable_hub_port_wake, which access register, but clock already gated by run time suspend. This problem was hidden by power domain driver, which call run time resume before it. But the below commit remove it and make this issue happen. commit c1df456d0f06e ("PM: domains: Don't runtime resume devices at genpd_prepare()") This patch call run time resume before suspend to make sure clock is on before access register. Testeb-by: Abel Vesa <abel.vesa@nxp.com>
AI Analysis
Technical Summary
CVE-2022-48761 is a medium severity vulnerability in the Linux kernel's USB xHCI platform driver, specifically affecting the suspend/resume power management sequence on certain ARM-based platforms such as the Freescale i.MX8QM MEK. The issue arises when the system attempts to enter suspend mode with remote wakeup enabled on USB hubs. During suspend, the xhci_suspend function is called, which in turn calls xhci_disable_hub_port_wake to disable remote wakeup on USB hub ports. However, due to a recent kernel change (commit c1df456d0f06e) that removed automatic runtime resume calls before device suspend, the clock gating occurs prematurely. This means the clock to the USB controller is turned off before the driver accesses hardware registers to disable remote wakeup, leading to a synchronous external abort (hardware fault) and kernel crash. The root cause is a race condition between power domain management and runtime PM, causing register access with the clock gated off. The vulnerability can cause system instability and denial of service (DoS) by crashing the kernel during suspend operations on affected hardware. Exploitation requires local privileges with the ability to trigger suspend with remote wakeup enabled, and no user interaction is needed. The CVSS 3.1 score is 5.3 (medium), reflecting the local attack vector, low complexity, required privileges, and impact on confidentiality, integrity, and availability. No known exploits are reported in the wild yet. The patch involves ensuring runtime resume is called before suspend to keep the clock enabled when accessing registers, preventing the crash.
Potential Impact
For European organizations, the primary impact of CVE-2022-48761 is potential denial of service on Linux systems running on affected ARM-based embedded platforms, particularly those using Freescale/NXP i.MX8QM or similar hardware. This could affect industrial control systems, IoT devices, telecommunications equipment, and embedded systems that rely on Linux kernel versions containing this flaw. A kernel crash during suspend could cause unexpected reboots or system downtime, impacting availability of critical infrastructure or services. Confidentiality and integrity impacts are limited but possible if the crash is leveraged as part of a larger attack chain. Organizations with embedded Linux devices in operational technology (OT) environments or edge computing nodes are at higher risk. The vulnerability requires local privileges, so attackers would need some level of access to the device. However, the medium severity and lack of known exploits reduce immediate risk for general IT environments. Still, the disruption potential in embedded or industrial contexts makes timely patching important to maintain system stability and availability.
Mitigation Recommendations
1. Apply the official Linux kernel patches that address CVE-2022-48761, ensuring runtime resume is called before suspend to prevent clock gating issues. 2. For embedded devices or custom Linux builds, update the kernel to versions including the fix or backport the patch if upgrading is not feasible. 3. Audit and control local access to affected devices to prevent unauthorized users from triggering suspend with remote wakeup enabled. 4. Disable USB remote wakeup functionality on affected devices if not required, reducing the attack surface. 5. Implement monitoring for unexpected kernel crashes or reboots on embedded Linux systems to detect potential exploitation attempts. 6. Coordinate with hardware vendors (e.g., NXP) for firmware updates or advisories related to this issue. 7. For critical infrastructure, consider network segmentation and strict access controls to limit exposure of embedded Linux devices to untrusted users. 8. Test suspend/resume functionality thoroughly after patching to ensure system stability.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Poland, Italy
CVE-2022-48761: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: usb: xhci-plat: fix crash when suspend if remote wake enable Crashed at i.mx8qm platform when suspend if enable remote wakeup Internal error: synchronous external abort: 96000210 [#1] PREEMPT SMP Modules linked in: CPU: 2 PID: 244 Comm: kworker/u12:6 Not tainted 5.15.5-dirty #12 Hardware name: Freescale i.MX8QM MEK (DT) Workqueue: events_unbound async_run_entry_fn pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : xhci_disable_hub_port_wake.isra.62+0x60/0xf8 lr : xhci_disable_hub_port_wake.isra.62+0x34/0xf8 sp : ffff80001394bbf0 x29: ffff80001394bbf0 x28: 0000000000000000 x27: ffff00081193b578 x26: ffff00081193b570 x25: 0000000000000000 x24: 0000000000000000 x23: ffff00081193a29c x22: 0000000000020001 x21: 0000000000000001 x20: 0000000000000000 x19: ffff800014e90490 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 x14: 0000000000000000 x13: 0000000000000002 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000000960 x9 : ffff80001394baa0 x8 : ffff0008145d1780 x7 : ffff0008f95b8e80 x6 : 000000001853b453 x5 : 0000000000000496 x4 : 0000000000000000 x3 : ffff00081193a29c x2 : 0000000000000001 x1 : 0000000000000000 x0 : ffff000814591620 Call trace: xhci_disable_hub_port_wake.isra.62+0x60/0xf8 xhci_suspend+0x58/0x510 xhci_plat_suspend+0x50/0x78 platform_pm_suspend+0x2c/0x78 dpm_run_callback.isra.25+0x50/0xe8 __device_suspend+0x108/0x3c0 The basic flow: 1. run time suspend call xhci_suspend, xhci parent devices gate the clock. 2. echo mem >/sys/power/state, system _device_suspend call xhci_suspend 3. xhci_suspend call xhci_disable_hub_port_wake, which access register, but clock already gated by run time suspend. This problem was hidden by power domain driver, which call run time resume before it. But the below commit remove it and make this issue happen. commit c1df456d0f06e ("PM: domains: Don't runtime resume devices at genpd_prepare()") This patch call run time resume before suspend to make sure clock is on before access register. Testeb-by: Abel Vesa <abel.vesa@nxp.com>
AI-Powered Analysis
Technical Analysis
CVE-2022-48761 is a medium severity vulnerability in the Linux kernel's USB xHCI platform driver, specifically affecting the suspend/resume power management sequence on certain ARM-based platforms such as the Freescale i.MX8QM MEK. The issue arises when the system attempts to enter suspend mode with remote wakeup enabled on USB hubs. During suspend, the xhci_suspend function is called, which in turn calls xhci_disable_hub_port_wake to disable remote wakeup on USB hub ports. However, due to a recent kernel change (commit c1df456d0f06e) that removed automatic runtime resume calls before device suspend, the clock gating occurs prematurely. This means the clock to the USB controller is turned off before the driver accesses hardware registers to disable remote wakeup, leading to a synchronous external abort (hardware fault) and kernel crash. The root cause is a race condition between power domain management and runtime PM, causing register access with the clock gated off. The vulnerability can cause system instability and denial of service (DoS) by crashing the kernel during suspend operations on affected hardware. Exploitation requires local privileges with the ability to trigger suspend with remote wakeup enabled, and no user interaction is needed. The CVSS 3.1 score is 5.3 (medium), reflecting the local attack vector, low complexity, required privileges, and impact on confidentiality, integrity, and availability. No known exploits are reported in the wild yet. The patch involves ensuring runtime resume is called before suspend to keep the clock enabled when accessing registers, preventing the crash.
Potential Impact
For European organizations, the primary impact of CVE-2022-48761 is potential denial of service on Linux systems running on affected ARM-based embedded platforms, particularly those using Freescale/NXP i.MX8QM or similar hardware. This could affect industrial control systems, IoT devices, telecommunications equipment, and embedded systems that rely on Linux kernel versions containing this flaw. A kernel crash during suspend could cause unexpected reboots or system downtime, impacting availability of critical infrastructure or services. Confidentiality and integrity impacts are limited but possible if the crash is leveraged as part of a larger attack chain. Organizations with embedded Linux devices in operational technology (OT) environments or edge computing nodes are at higher risk. The vulnerability requires local privileges, so attackers would need some level of access to the device. However, the medium severity and lack of known exploits reduce immediate risk for general IT environments. Still, the disruption potential in embedded or industrial contexts makes timely patching important to maintain system stability and availability.
Mitigation Recommendations
1. Apply the official Linux kernel patches that address CVE-2022-48761, ensuring runtime resume is called before suspend to prevent clock gating issues. 2. For embedded devices or custom Linux builds, update the kernel to versions including the fix or backport the patch if upgrading is not feasible. 3. Audit and control local access to affected devices to prevent unauthorized users from triggering suspend with remote wakeup enabled. 4. Disable USB remote wakeup functionality on affected devices if not required, reducing the attack surface. 5. Implement monitoring for unexpected kernel crashes or reboots on embedded Linux systems to detect potential exploitation attempts. 6. Coordinate with hardware vendors (e.g., NXP) for firmware updates or advisories related to this issue. 7. For critical infrastructure, consider network segmentation and strict access controls to limit exposure of embedded Linux devices to untrusted users. 8. Test suspend/resume functionality thoroughly after patching to ensure system stability.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-06-20T11:09:39.060Z
- Cisa Enriched
- true
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 682d982ec4522896dcbe60c7
Added to database: 5/21/2025, 9:09:02 AM
Last enriched: 6/30/2025, 8:42:28 PM
Last updated: 8/18/2025, 11:25:27 PM
Views: 12
Related Threats
CVE-2025-9175: Stack-based Buffer Overflow in neurobin shc
MediumCVE-2025-9174: OS Command Injection in neurobin shc
MediumCVE-2025-9171: Cross Site Scripting in SolidInvoice
MediumCVE-2025-9170: Cross Site Scripting in SolidInvoice
MediumCVE-2025-9169: Cross Site Scripting in SolidInvoice
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.