CVE-2022-49383: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: watchdog: rzg2l_wdt: Fix 'BUG: Invalid wait context' This patch fixes the issue 'BUG: Invalid wait context' during restart() callback by using clk_prepare_enable() instead of pm_runtime_get_sync() for turning on the clocks during restart. This issue is noticed when testing with renesas_defconfig. [ 42.213802] reboot: Restarting system [ 42.217860] [ 42.219364] ============================= [ 42.223368] [ BUG: Invalid wait context ] [ 42.227372] 5.17.0-rc5-arm64-renesas-00002-g10393723e35e #522 Not tainted [ 42.234153] ----------------------------- [ 42.238155] systemd-shutdow/1 is trying to lock: [ 42.242766] ffff00000a650828 (&genpd->mlock){+.+.}-{3:3}, at: genpd_lock_mtx+0x14/0x20 [ 42.250709] other info that might help us debug this: [ 42.255753] context-{4:4} [ 42.258368] 2 locks held by systemd-shutdow/1: [ 42.262806] #0: ffff80000944e1c8 (system_transition_mutex#2){+.+.}-{3:3}, at: __do_sys_reboot+0xd0/0x250 [ 42.272388] #1: ffff8000094c4e40 (rcu_read_lock){....}-{1:2}, at: atomic_notifier_call_chain+0x0/0x150 [ 42.281795] stack backtrace: [ 42.284672] CPU: 0 PID: 1 Comm: systemd-shutdow Not tainted 5.17.0-rc5-arm64-renesas-00002-g10393723e35e #522 [ 42.294577] Hardware name: Renesas SMARC EVK based on r9a07g044c2 (DT) [ 42.301096] Call trace: [ 42.303538] dump_backtrace+0xcc/0xd8 [ 42.307203] show_stack+0x14/0x30 [ 42.310517] dump_stack_lvl+0x88/0xb0 [ 42.314180] dump_stack+0x14/0x2c [ 42.317492] __lock_acquire+0x1b24/0x1b50 [ 42.321502] lock_acquire+0x120/0x3a8 [ 42.325162] __mutex_lock+0x84/0x8f8 [ 42.328737] mutex_lock_nested+0x30/0x58 [ 42.332658] genpd_lock_mtx+0x14/0x20 [ 42.336319] genpd_runtime_resume+0xc4/0x228 [ 42.340587] __rpm_callback+0x44/0x170 [ 42.344337] rpm_callback+0x64/0x70 [ 42.347824] rpm_resume+0x4e0/0x6b8 [ 42.351310] __pm_runtime_resume+0x50/0x78 [ 42.355404] rzg2l_wdt_restart+0x28/0x68 [ 42.359329] watchdog_restart_notifier+0x1c/0x30 [ 42.363943] atomic_notifier_call_chain+0x94/0x150 [ 42.368732] do_kernel_restart+0x24/0x30 [ 42.372652] machine_restart+0x44/0x70 [ 42.376399] kernel_restart+0x3c/0x60 [ 42.380058] __do_sys_reboot+0x228/0x250 [ 42.383977] __arm64_sys_reboot+0x20/0x28 [ 42.387983] invoke_syscall+0x40/0xf8
AI Analysis
Technical Summary
CVE-2022-49383 is a vulnerability identified in the Linux kernel specifically related to the watchdog timer driver for the Renesas RZ/G2L platform (rzg2l_wdt). The issue manifests as a 'BUG: Invalid wait context' error during the system restart process. This bug occurs because the driver incorrectly uses the pm_runtime_get_sync() function to enable clocks during the restart callback, which is not appropriate in this context and leads to invalid wait context errors. The correct approach, as fixed in the patch, is to use clk_prepare_enable() instead for clock management during restart. The problem was observed when testing with the renesas_defconfig configuration, indicating it affects systems running Linux kernels with this configuration and hardware platform. The kernel logs show that the error arises during the reboot sequence, involving systemd-shutdown and kernel mutex locking mechanisms, resulting in a kernel BUG triggered by improper locking and runtime power management calls. This vulnerability is a kernel-level bug that can cause system instability or crashes during reboot operations on affected hardware. While no direct exploitation in the wild is known, the bug could lead to denial of service (DoS) conditions by preventing proper system restarts or causing kernel panics. The vulnerability is specific to the Renesas SMARC EVK platform based on the r9a07g044c2 SoC and Linux kernel versions around 5.17.0-rc5-arm64 with the renesas_defconfig. No CVSS score is assigned, and no known exploits have been reported to date.
Potential Impact
For European organizations using embedded systems or industrial equipment based on the Renesas RZ/G2L platform running Linux kernels with the affected configuration, this vulnerability could cause system instability or failure to reboot properly. This may lead to operational disruptions, especially in critical infrastructure, manufacturing, or IoT deployments where Renesas hardware is common. The inability to restart systems cleanly can result in downtime, impacting availability and potentially causing cascading failures in automated or safety-critical environments. Although the vulnerability does not appear to allow privilege escalation or remote code execution, the denial of service impact during reboot cycles can be significant for systems requiring high availability. European organizations relying on embedded Linux devices in sectors such as automotive, industrial automation, or telecommunications that utilize Renesas SoCs may face increased maintenance costs and operational risks if this bug is not addressed. Given the specificity of the hardware and kernel configuration, the impact is limited to a niche but important segment of embedded Linux deployments.
Mitigation Recommendations
The primary mitigation is to apply the official Linux kernel patch that replaces the incorrect pm_runtime_get_sync() call with clk_prepare_enable() in the rzg2l_wdt watchdog driver during restart callbacks. Organizations should ensure their embedded Linux kernel versions are updated to include this fix, particularly if they use Renesas RZ/G2L hardware or similar configurations. For vendors and integrators, rebuilding and deploying updated kernel images with the patched watchdog driver is essential. Additionally, thorough testing of system reboot sequences should be conducted to verify the fix and prevent regression. Where immediate patching is not feasible, operational mitigations include avoiding unnecessary reboots or implementing watchdog timer configurations that minimize restart callbacks triggering the bug. Monitoring kernel logs for 'Invalid wait context' errors can help detect if the issue is present in deployed systems. Coordination with hardware vendors for updated BSPs (Board Support Packages) and Linux kernel releases is recommended to maintain long-term stability.
Affected Countries
Germany, France, United Kingdom, Italy, Netherlands, Sweden, Finland
CVE-2022-49383: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: watchdog: rzg2l_wdt: Fix 'BUG: Invalid wait context' This patch fixes the issue 'BUG: Invalid wait context' during restart() callback by using clk_prepare_enable() instead of pm_runtime_get_sync() for turning on the clocks during restart. This issue is noticed when testing with renesas_defconfig. [ 42.213802] reboot: Restarting system [ 42.217860] [ 42.219364] ============================= [ 42.223368] [ BUG: Invalid wait context ] [ 42.227372] 5.17.0-rc5-arm64-renesas-00002-g10393723e35e #522 Not tainted [ 42.234153] ----------------------------- [ 42.238155] systemd-shutdow/1 is trying to lock: [ 42.242766] ffff00000a650828 (&genpd->mlock){+.+.}-{3:3}, at: genpd_lock_mtx+0x14/0x20 [ 42.250709] other info that might help us debug this: [ 42.255753] context-{4:4} [ 42.258368] 2 locks held by systemd-shutdow/1: [ 42.262806] #0: ffff80000944e1c8 (system_transition_mutex#2){+.+.}-{3:3}, at: __do_sys_reboot+0xd0/0x250 [ 42.272388] #1: ffff8000094c4e40 (rcu_read_lock){....}-{1:2}, at: atomic_notifier_call_chain+0x0/0x150 [ 42.281795] stack backtrace: [ 42.284672] CPU: 0 PID: 1 Comm: systemd-shutdow Not tainted 5.17.0-rc5-arm64-renesas-00002-g10393723e35e #522 [ 42.294577] Hardware name: Renesas SMARC EVK based on r9a07g044c2 (DT) [ 42.301096] Call trace: [ 42.303538] dump_backtrace+0xcc/0xd8 [ 42.307203] show_stack+0x14/0x30 [ 42.310517] dump_stack_lvl+0x88/0xb0 [ 42.314180] dump_stack+0x14/0x2c [ 42.317492] __lock_acquire+0x1b24/0x1b50 [ 42.321502] lock_acquire+0x120/0x3a8 [ 42.325162] __mutex_lock+0x84/0x8f8 [ 42.328737] mutex_lock_nested+0x30/0x58 [ 42.332658] genpd_lock_mtx+0x14/0x20 [ 42.336319] genpd_runtime_resume+0xc4/0x228 [ 42.340587] __rpm_callback+0x44/0x170 [ 42.344337] rpm_callback+0x64/0x70 [ 42.347824] rpm_resume+0x4e0/0x6b8 [ 42.351310] __pm_runtime_resume+0x50/0x78 [ 42.355404] rzg2l_wdt_restart+0x28/0x68 [ 42.359329] watchdog_restart_notifier+0x1c/0x30 [ 42.363943] atomic_notifier_call_chain+0x94/0x150 [ 42.368732] do_kernel_restart+0x24/0x30 [ 42.372652] machine_restart+0x44/0x70 [ 42.376399] kernel_restart+0x3c/0x60 [ 42.380058] __do_sys_reboot+0x228/0x250 [ 42.383977] __arm64_sys_reboot+0x20/0x28 [ 42.387983] invoke_syscall+0x40/0xf8
AI-Powered Analysis
Technical Analysis
CVE-2022-49383 is a vulnerability identified in the Linux kernel specifically related to the watchdog timer driver for the Renesas RZ/G2L platform (rzg2l_wdt). The issue manifests as a 'BUG: Invalid wait context' error during the system restart process. This bug occurs because the driver incorrectly uses the pm_runtime_get_sync() function to enable clocks during the restart callback, which is not appropriate in this context and leads to invalid wait context errors. The correct approach, as fixed in the patch, is to use clk_prepare_enable() instead for clock management during restart. The problem was observed when testing with the renesas_defconfig configuration, indicating it affects systems running Linux kernels with this configuration and hardware platform. The kernel logs show that the error arises during the reboot sequence, involving systemd-shutdown and kernel mutex locking mechanisms, resulting in a kernel BUG triggered by improper locking and runtime power management calls. This vulnerability is a kernel-level bug that can cause system instability or crashes during reboot operations on affected hardware. While no direct exploitation in the wild is known, the bug could lead to denial of service (DoS) conditions by preventing proper system restarts or causing kernel panics. The vulnerability is specific to the Renesas SMARC EVK platform based on the r9a07g044c2 SoC and Linux kernel versions around 5.17.0-rc5-arm64 with the renesas_defconfig. No CVSS score is assigned, and no known exploits have been reported to date.
Potential Impact
For European organizations using embedded systems or industrial equipment based on the Renesas RZ/G2L platform running Linux kernels with the affected configuration, this vulnerability could cause system instability or failure to reboot properly. This may lead to operational disruptions, especially in critical infrastructure, manufacturing, or IoT deployments where Renesas hardware is common. The inability to restart systems cleanly can result in downtime, impacting availability and potentially causing cascading failures in automated or safety-critical environments. Although the vulnerability does not appear to allow privilege escalation or remote code execution, the denial of service impact during reboot cycles can be significant for systems requiring high availability. European organizations relying on embedded Linux devices in sectors such as automotive, industrial automation, or telecommunications that utilize Renesas SoCs may face increased maintenance costs and operational risks if this bug is not addressed. Given the specificity of the hardware and kernel configuration, the impact is limited to a niche but important segment of embedded Linux deployments.
Mitigation Recommendations
The primary mitigation is to apply the official Linux kernel patch that replaces the incorrect pm_runtime_get_sync() call with clk_prepare_enable() in the rzg2l_wdt watchdog driver during restart callbacks. Organizations should ensure their embedded Linux kernel versions are updated to include this fix, particularly if they use Renesas RZ/G2L hardware or similar configurations. For vendors and integrators, rebuilding and deploying updated kernel images with the patched watchdog driver is essential. Additionally, thorough testing of system reboot sequences should be conducted to verify the fix and prevent regression. Where immediate patching is not feasible, operational mitigations include avoiding unnecessary reboots or implementing watchdog timer configurations that minimize restart callbacks triggering the bug. Monitoring kernel logs for 'Invalid wait context' errors can help detect if the issue is present in deployed systems. Coordination with hardware vendors for updated BSPs (Board Support Packages) and Linux kernel releases is recommended to maintain long-term stability.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2025-02-26T02:08:31.559Z
- Cisa Enriched
- false
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d982dc4522896dcbe5889
Added to database: 5/21/2025, 9:09:01 AM
Last enriched: 6/30/2025, 6:41:36 AM
Last updated: 7/27/2025, 1:03:07 AM
Views: 12
Related Threats
CVE-2025-8885: CWE-770 Allocation of Resources Without Limits or Throttling in Legion of the Bouncy Castle Inc. Bouncy Castle for Java
MediumCVE-2025-26398: CWE-798 Use of Hard-coded Credentials in SolarWinds Database Performance Analyzer
MediumCVE-2025-41686: CWE-306 Missing Authentication for Critical Function in Phoenix Contact DaUM
HighCVE-2025-8874: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in litonice13 Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations
MediumCVE-2025-8767: CWE-1236 Improper Neutralization of Formula Elements in a CSV File in anwppro AnWP Football Leagues
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.