CVE-2022-49132: Vulnerability in Linux Linux

Medium
Published: Wed Feb 26 2025 (02/26/2025, 01:55:07 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

ath11k: pci: fix crash on suspend if board file is not found

Mario reported that the kernel was crashing on suspend if ath11k was not able to find a board file:

[ 473.693286] PM: Suspending system (s2idle)
[ 473.693291] printk: Suspending console(s) (use no_console_suspend to debug)
[ 474.407787] BUG: unable to handle page fault for address: 0000000000002070
[ 474.407791] #PF: supervisor read access in kernel mode
[ 474.407794] #PF: error_code(0x0000) - not-present page
[ 474.407798] PGD 0 P4D 0
[ 474.407801] Oops: 0000 [#1] PREEMPT SMP NOPTI
[ 474.407805] CPU: 2 PID: 2350 Comm: kworker/u32:14 Tainted: G W 5.16.0 #248
[...]
[ 474.407868] Call Trace:
[ 474.407870] <TASK>
[ 474.407874] ? _raw_spin_lock_irqsave+0x2a/0x60
[ 474.407882] ? lock_timer_base+0x72/0xa0
[ 474.407889] ? _raw_spin_unlock_irqrestore+0x29/0x3d
[ 474.407892] ? try_to_del_timer_sync+0x54/0x80
[ 474.407896] ath11k_dp_rx_pktlog_stop+0x49/0xc0 [ath11k]
[ 474.407912] ath11k_core_suspend+0x34/0x130 [ath11k]
[ 474.407923] ath11k_pci_pm_suspend+0x1b/0x50 [ath11k_pci]
[ 474.407928] pci_pm_suspend+0x7e/0x170
[ 474.407935] ? pci_pm_freeze+0xc0/0xc0
[ 474.407939] dpm_run_callback+0x4e/0x150
[ 474.407947] __device_suspend+0x148/0x4c0
[ 474.407951] async_suspend+0x20/0x90
dmesg-efi-164255130401001: Oops#1 Part1
[ 474.407955] async_run_entry_fn+0x33/0x120
[ 474.407959] process_one_work+0x220/0x3f0
[ 474.407966] worker_thread+0x4a/0x3d0
[ 474.407971] kthread+0x17a/0x1a0
[ 474.407975] ? process_one_work+0x3f0/0x3f0
[ 474.407979] ? set_kthread_struct+0x40/0x40
[ 474.407983] ret_from_fork+0x22/0x30
[ 474.407991] </TASK>

The issue here is that board file loading happens after ath11k_pci_probe() successfully returns (ath11k initialisation happens asynchronously) and the suspend handler is still enabled, of course failing as ath11k is not properly initialised. Fix this by checking ATH11K_FLAG_QMI_FAIL during both suspend and resume.

Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03003-QCAHSPSWPL_V1_V2_SILICONZ_LITE-2

AI-Powered Analysis

Last updated: 06/30/2025, 03:12:30 UTC

Technical Analysis

CVE-2022-49132 is a vulnerability in the Linux kernel's ath11k PCI driver, which handles certain Qualcomm Atheros Wi-Fi chipsets. The flaw arises when the system suspends after the driver has failed to find the board file it needs for proper initialization. Board file loading occurs asynchronously, after ath11k_pci_probe() has already returned successfully, so the suspend handler remains enabled and operates on an incompletely initialized device. The result is a kernel crash: a page fault on an invalid memory address, as shown by the oops log with its supervisor read access fault and a stack trace inside the ath11k suspend routines.

The root cause is the lack of checks for the ATH11K_FLAG_QMI_FAIL flag during suspend and resume; the flag indicates that QMI (Qualcomm MSM Interface) initialization failed. The fix adds these checks so that the suspend/resume handlers do not operate on an uninitialized device. The vulnerability affects Linux kernel versions containing the vulnerable ath11k driver implementation, particularly systems using Qualcomm WCN6855 Wi-Fi chipsets or similar hardware. Although no known exploits are reported in the wild, the issue can cause denial of service via system crashes during suspend cycles, which may be triggered by normal power management operations or maliciously induced. The fix was tested on WCN6855 hw2.0 PCI WLAN hardware with specific firmware versions, confirming reproducibility and fix effectiveness.

Potential Impact

For European organizations, the primary impact of CVE-2022-49132 is potential denial of service (DoS) due to kernel crashes during suspend operations on affected Linux systems. This can disrupt normal device operation, leading to system instability, unexpected reboots, or loss of connectivity on devices relying on Qualcomm ath11k Wi-Fi chipsets. Enterprises using Linux-based infrastructure, embedded systems, or IoT devices with these chipsets may experience operational interruptions. Although this vulnerability does not directly expose confidentiality or integrity risks, the availability impact can be significant in environments where uptime and network connectivity are critical, such as industrial control systems, telecommunications, or cloud infrastructure nodes. The asynchronous nature of the initialization and suspend process means that the issue might manifest unpredictably, complicating troubleshooting and potentially increasing downtime. Since the vulnerability requires the absence of a board file and occurs during suspend, it may be triggered by power management events, including user-initiated suspend or automated power-saving features, affecting laptops, servers, or embedded devices. The lack of known exploits reduces immediate risk, but unpatched systems remain vulnerable to accidental or deliberate triggering of crashes, which could be leveraged in targeted denial-of-service scenarios.

Mitigation Recommendations

To mitigate CVE-2022-49132, organizations should:

1) Apply the latest Linux kernel updates that include the patch fixing the ath11k suspend/resume handling by checking ATH11K_FLAG_QMI_FAIL. This is the definitive fix preventing crashes.
2) For systems where immediate patching is not feasible, consider disabling suspend functionality or power management features that invoke suspend on affected devices to avoid triggering the vulnerability.
3) Audit and inventory Linux systems to identify those using Qualcomm WCN6855 or related ath11k PCI Wi-Fi chipsets, prioritizing patch deployment on these devices.
4) Monitor system logs for kernel oops or crashes related to ath11k during suspend/resume cycles to detect potential exploitation or accidental triggers.
5) In environments with embedded or IoT devices, coordinate with hardware vendors to obtain firmware or driver updates incorporating the fix.
6) Implement robust backup and recovery procedures to minimize downtime impact from unexpected crashes.
7) Educate system administrators about this specific vulnerability to ensure awareness and timely response.

These steps go beyond generic advice by focusing on chipset identification, power management configuration, and proactive monitoring tailored to this vulnerability's characteristics.
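
As an added example (not part of the original advisory or the kernel patch), the following Python sketch implements the log monitoring from step 4: it splits kernel log text into oops reports keyed on their "BUG:" headline and flags those whose reliable stack frames show ath11k code on a suspend or resume path. The sample log is constructed from the trace in the description plus a made-up unrelated oops, and the names split_reports and ath11k_pm_crashes are this example's own.

```python
import re

# Constructed sample: the first report is abbreviated from the oops quoted in the
# description; the second is a made-up, unrelated oops that must not be flagged.
SAMPLE_LOG = """\
[ 474.407787] BUG: unable to handle page fault for address: 0000000000002070
[ 474.407868] Call Trace:
[ 474.407870] <TASK>
[ 474.407892] ? try_to_del_timer_sync+0x54/0x80
[ 474.407896] ath11k_dp_rx_pktlog_stop+0x49/0xc0 [ath11k]
[ 474.407912] ath11k_core_suspend+0x34/0x130 [ath11k]
[ 474.407923] ath11k_pci_pm_suspend+0x1b/0x50 [ath11k_pci]
[ 474.407991] </TASK>
[ 900.000001] BUG: kernel NULL pointer dereference, address: 0000000000000010
[ 900.000005] Call Trace:
[ 900.000010] example_drv_irq+0x10/0x40 [example_drv]
"""

TS = re.compile(r"^\[\s*\d+\.\d+\]\s*")  # leading "[ seconds.micros]" timestamp
# One stack frame: optional "? " (unreliable frame), symbol+offset/size, optional [module]
FRAME = re.compile(r"^(\? )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?:\s+\[(\w+)\])?")
PM_PATH = re.compile(r"suspend|resume")


def split_reports(log):
    """Yield (headline, frames) per oops; frames are (symbol, module) pairs."""
    headline, frames, in_trace = None, [], False
    for raw in log.splitlines():
        line = TS.sub("", raw).strip()
        if line.startswith("BUG:"):
            if headline:
                yield headline, frames
            headline, frames, in_trace = line, [], False
        elif line == "Call Trace:":
            in_trace = headline is not None
        elif line == "</TASK>" or line.startswith("---[ end trace"):
            in_trace = False
        elif in_trace and (m := FRAME.match(line)) and not m.group(1):
            frames.append((m.group(2), m.group(3)))  # "?" frames are skipped
    if headline:
        yield headline, frames


def ath11k_pm_crashes(log):
    """Headlines of oopses with a reliable ath11k frame on a suspend/resume path."""
    return [head for head, frames in split_reports(log)
            if any(mod and mod.startswith("ath11k") and PM_PATH.search(sym)
                   for sym, mod in frames)]
```

Non-frame lines inside a trace, such as the pstore fragment header "dmesg-efi-...: Oops#1 Part1" seen in the description, are ignored rather than treated as the end of the trace.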

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-02-26T01:49:39.267Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d982dc4522896dcbe4fca

Added to database: 5/21/2025, 9:09:01 AM

Last enriched: 6/30/2025, 3:12:30 AM

Last updated: 8/8/2025, 6:55:38 AM
