CVE-2022-49192: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

drivers: ethernet: cpsw: fix panic when interrupt coalescing is set via ethtool

cpsw_ethtool_begin directly returns the result of pm_runtime_get_sync when successful. pm_runtime_get_sync returns -error code on failure and 0 on successful resume but also 1 when the device is already active. So the common case for cpsw_ethtool_begin is to return 1. That leads to inconsistent calls to pm_runtime_put in the call-chain so that pm_runtime_put is called one too many times and as a result leaving the cpsw dev behind suspended.

The suspended cpsw dev leads to an access violation later on by different parts of the cpsw driver.

Fix this by calling the return-friendly pm_runtime_resume_and_get function.
AI Analysis
Technical Summary
CVE-2022-49192 is a vulnerability identified in the Linux kernel's Ethernet driver for the CPSW (Common Platform Switch) component. The issue arises from improper handling of runtime power management (PM) calls within the cpsw_ethtool_begin function, which is used when configuring interrupt coalescing via ethtool.

Specifically, cpsw_ethtool_begin returns the result of pm_runtime_get_sync directly. This function can return 0 on a successful resume, -error codes on failure, but also 1 if the device is already active. Returning 1 leads to an inconsistent call pattern where pm_runtime_put is called one too many times, causing the CPSW device to remain suspended erroneously. This suspended state results in access violations later in the driver when other parts attempt to interact with the device. The root cause is a mismatch in the expected return values and the actual behavior of pm_runtime_get_sync, leading to incorrect power state management.

The fix involves replacing pm_runtime_get_sync with pm_runtime_resume_and_get, which provides a more consistent and return-value-friendly interface, preventing the device from being left suspended and avoiding subsequent access violations.

This vulnerability affects Linux kernel versions identified by the commit hash d43c65b05b848e0b2db1a6c78b02c189da3a95b5 and likely other versions containing the same driver code. No known exploits are reported in the wild as of the publication date (February 26, 2025).
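The counting error described above, as an added userspace model (not kernel or driver code, and not part of the original advisory). The two begin_* functions copy only the return conventions of pm_runtime_get_sync and pm_runtime_resume_and_get; struct model_dev, inner_begin and usage_after_op are hypothetical names for a simplified call chain whose layers disagree on whether a return value of 1 means failure.

```c
#include <stdio.h>
/* Userspace model of a runtime-PM usage counter (constructed, not kernel code). */
struct model_dev { int usage; int active; };
typedef int (*begin_fn)(struct model_dev *);

/* Same return convention as pm_runtime_get_sync: 0 = resumed, 1 = already active. */
static int begin_get_sync(struct model_dev *d)
{
    d->usage++;
    if (d->active) return 1;
    d->active = 1;
    return 0;
}

/* Same return convention as pm_runtime_resume_and_get: success is always 0. */
static int begin_resume_and_get(struct model_dev *d)
{
    int ret = begin_get_sync(d);
    return ret < 0 ? ret : 0;
}

static void model_put(struct model_dev *d)
{
    if (--d->usage <= 0) d->active = 0;   /* no holders left: device suspends */
}

/* Hypothetical inner helper: any non-zero begin() result is undone as a failure. */
static int inner_begin(struct model_dev *d, begin_fn begin)
{
    int ret = begin(d);
    if (ret)
        model_put(d);
    return ret;
}

/* Hypothetical outer caller: only negative values abort; the "complete" step puts. */
int usage_after_op(begin_fn begin)
{
    struct model_dev d = { .usage = 1, .active = 1 };  /* interface is up: one holder */
    if (inner_begin(&d, begin) >= 0)
        model_put(&d);
    return d.usage;   /* should still be 1 after a balanced get/put pair */
}

int main(void)
{
    printf("get_sync=%d resume_and_get=%d\n", usage_after_op(begin_get_sync), usage_after_op(begin_resume_and_get));
    return 0;
}
```

A remaining count of 0 with the interface still up is the "left suspended" state the advisory describes; with the 0-on-success convention the count stays at 1.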
Potential Impact
The vulnerability can cause kernel panics or access violations due to the CPSW Ethernet device being left in a suspended state improperly. For European organizations, this can lead to network interface failures on systems running affected Linux kernels, potentially causing denial of service (DoS) conditions on critical network infrastructure or embedded devices using CPSW Ethernet drivers. This is particularly impactful for industrial control systems, telecommunications equipment, and network appliances that rely on stable Ethernet connectivity. The access violation could also lead to system instability or crashes, affecting availability and potentially causing operational disruptions. While there is no indication of privilege escalation or remote code execution, the denial of service impact on network connectivity can have significant operational consequences, especially in sectors like manufacturing, energy, and critical infrastructure prevalent in Europe. Given the Linux kernel's widespread use in servers, embedded devices, and IoT, the scope of affected systems is broad, but exploitation requires the ability to trigger ethtool configurations or similar driver interactions, which may limit attack vectors to local or privileged users.
Mitigation Recommendations
European organizations should promptly apply Linux kernel updates that include the fix replacing pm_runtime_get_sync with pm_runtime_resume_and_get in the cpsw driver. For systems where immediate patching is not feasible, administrators should restrict access to ethtool and related network configuration utilities to trusted and authorized users only, minimizing the risk of triggering the vulnerability. Monitoring kernel logs for signs of cpsw driver panics or access violations can help detect attempts to exploit or accidental triggers. In environments using embedded Linux devices or network appliances with CPSW Ethernet hardware, vendors should be contacted to obtain firmware or kernel updates. Additionally, organizations should implement strict change management and network segmentation to isolate critical systems and reduce the impact of potential DoS conditions. Finally, incorporating runtime integrity monitoring and alerting on kernel driver anomalies can provide early warning of exploitation attempts or system instability related to this vulnerability.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden, Finland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-02-26T01:49:39.287Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982dc4522896dcbe5205
Added to database: 5/21/2025, 9:09:01 AM
Last enriched: 6/30/2025, 3:56:25 AM
Last updated: 8/14/2025, 4:00:15 AM