
CVE-2022-49613: Vulnerability in Linux Linux

Severity: Medium
Tags: Vulnerability, CVE-2022-49613, cve, cve-2022-49613
Published: Wed Feb 26 2025 (02/26/2025, 02:23:34 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

serial: 8250: Fix PM usage_count for console handover

When console is enabled, univ8250_console_setup() calls serial8250_console_setup() before .dev is set to uart_port. Therefore, it will not call pm_runtime_get_sync(). Later, when the actual driver is going to take over, univ8250_console_exit() is called. As .dev is already set, serial8250_console_exit() makes pm_runtime_put_sync() call with usage count being zero triggering PM usage count warning (extra debug for univ8250_console_setup(), univ8250_console_exit(), and serial8250_register_ports()):

[ 0.068987] univ8250_console_setup ttyS0 nodev
[ 0.499670] printk: console [ttyS0] enabled
[ 0.717955] printk: console [ttyS0] printing thread started
[ 1.960163] serial8250_register_ports assigned dev for ttyS0
[ 1.976830] printk: console [ttyS0] disabled
[ 1.976888] printk: console [ttyS0] printing thread stopped
[ 1.977073] univ8250_console_exit ttyS0 usage:0
[ 1.977075] serial8250 serial8250: Runtime PM usage count underflow!
[ 1.977429] dw-apb-uart.6: ttyS0 at MMIO 0x4010006000 (irq = 33, base_baud = 115200) is a 16550A
[ 1.977812] univ8250_console_setup ttyS0 usage:2
[ 1.978167] printk: console [ttyS0] printing thread started
[ 1.978203] printk: console [ttyS0] enabled

To fix the issue, call pm_runtime_get_sync() in serial8250_register_ports() as soon as .dev is set for an uart_port if it has console enabled.

This problem became apparent only recently because 82586a721595 ("PM: runtime: Avoid device usage count underflows") added the warning printout.

I confirmed this problem also occurs with v5.18 (w/o the warning printout, obviously).

AI-Powered Analysis

Last updated: 06/29/2025, 23:12:46 UTC

Technical Analysis

CVE-2022-49613 is a vulnerability in the Linux kernel's serial driver subsystem, specifically in the 8250 driver used for UART (Universal Asynchronous Receiver/Transmitter) ports. The issue arises during the console handover, when a serial port is used as the kernel console. During early initialization, univ8250_console_setup() calls serial8250_console_setup() before the .dev field of the uart_port structure is set. Because .dev is not yet set, the runtime power management (PM) call pm_runtime_get_sync(), which increments the device's usage count and keeps it from being powered down, is skipped.

Later, when the actual driver takes over and univ8250_console_exit() is called, .dev has been set, so serial8250_console_exit() calls pm_runtime_put_sync() and decrements a usage count that was never incremented. The count underflows, the runtime PM core emits a warning, and power management for the device can misbehave. The root cause is an ordering flaw in the console setup and teardown sequence: the increment and the decrement are not paired. The problem was only noticed recently because commit 82586a721595 added a warning for usage count underflows; the author of the fix confirmed that the underflow itself also occurs on v5.18, which lacks that warning.

The fix calls pm_runtime_get_sync() in serial8250_register_ports() as soon as .dev is assigned, if the UART port has the console enabled, so that the usage count is incremented before any decrement occurs. This flaw does not lead to code execution or privilege escalation, but it can cause incorrect power management behaviour that affects reliability and availability on systems using the affected serial console driver.

The affected kernel range is identified on the CVE record by commit bedb404e91bb2908d9921fc736a518a9d89525fc. The issue has been publicly disclosed; no exploits in the wild are reported.

Potential Impact

For European organizations, the impact of CVE-2022-49613 is primarily related to system stability and reliability rather than direct security compromise. Systems that rely on Linux kernels with the affected 8250 serial driver and use serial ports as consoles—common in embedded systems, industrial control systems, telecommunications infrastructure, and certain server environments—may experience runtime warnings and potential power management issues. This could lead to unexpected device behavior, degraded performance, or in rare cases, system crashes or hangs due to improper power state transitions. Organizations in sectors such as manufacturing, energy, transportation, and critical infrastructure that use Linux-based embedded devices or servers with serial console configurations may be particularly affected. While no direct exploitation or data breach is indicated, disruptions caused by this vulnerability could impact operational continuity and availability of critical systems. Given the widespread use of Linux in European IT environments, especially in government, research, and industrial sectors, unpatched systems could face increased maintenance overhead and risk of downtime. The lack of known exploits and the technical nature of the flaw suggest that the immediate security risk is low, though the operational risk in sensitive environments is moderate.

Mitigation Recommendations

To mitigate CVE-2022-49613, European organizations should:

1) Apply the official Linux kernel patches that address the PM usage count imbalance in the serial8250 driver, specifically the fix that adds pm_runtime_get_sync() in serial8250_register_ports() when the console is enabled.
2) For systems where kernel upgrades are not immediately feasible, consider disabling serial console usage or reconfiguring systems to avoid using the affected UART ports as consoles until patched.
3) Monitor kernel logs for runtime PM warnings related to serial8250 to detect potential occurrences of the issue.
4) In embedded or industrial Linux environments, coordinate with hardware vendors and system integrators to ensure updated kernel versions are deployed.
5) Implement robust system monitoring and alerting for device power management anomalies and system stability issues that could be linked to this vulnerability.
6) Conduct thorough testing of kernel updates in staging environments to ensure no regressions in device power management behavior.

These steps go beyond generic patching advice by emphasizing monitoring, configuration adjustments, and vendor coordination tailored to the specific nature of this vulnerability.
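Recommendation 3 asks for log monitoring. The following script is an added example written for this page, not code from the CVE record or the kernel tree: it parses dmesg-style lines, flags every "Runtime PM usage count underflow!" warning, and attributes each one to the console that was most recently disabled, which is the handover pattern shown in the description. The function and class names (find_pm_underflows, Finding) are this example's own; the sample input is the log excerpt from the description, re-padded in dmesg's usual timestamp layout. The "usage:N" lines in that excerpt come from extra debug instrumentation the fix author added, so the detector deliberately ignores them and keys only on messages a stock kernel prints.

```python
import re
import sys
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input: the log lines quoted in the CVE description,
# laid out as dmesg prints them (padded timestamps in square brackets).
SAMPLE_DMESG = """\
[    0.068987] univ8250_console_setup ttyS0 nodev
[    0.499670] printk: console [ttyS0] enabled
[    0.717955] printk: console [ttyS0] printing thread started
[    1.960163] serial8250_register_ports assigned dev for ttyS0
[    1.976830] printk: console [ttyS0] disabled
[    1.976888] printk: console [ttyS0] printing thread stopped
[    1.977073] univ8250_console_exit ttyS0 usage:0
[    1.977075] serial8250 serial8250: Runtime PM usage count underflow!
[    1.977429] dw-apb-uart.6: ttyS0 at MMIO 0x4010006000 (irq = 33, base_baud = 115200) is a 16550A
[    1.977812] univ8250_console_setup ttyS0 usage:2
[    1.978167] printk: console [ttyS0] printing thread started
[    1.978203] printk: console [ttyS0] enabled
"""

# "[   12.345678] message" -> timestamp and message; tolerant of padding width.
LINE_RE = re.compile(r"^\[\s*(?P<ts>\d+\.\d+)\]\s*(?P<msg>.*)$")
# printk console state transitions, e.g. "printk: console [ttyS0] disabled".
CONSOLE_RE = re.compile(r"printk: console \[(?P<con>[^\]]+)\] (?P<state>enabled|disabled)")
# The warning added by commit 82586a721595; "<driver> <device>:" precedes it.
UNDERFLOW_RE = re.compile(r"^(?P<dev>.+?): Runtime PM usage count underflow!")


@dataclass
class Finding:
    timestamp: float           # seconds since boot, from the dmesg prefix
    device: str                # "driver devname" printed before the warning
    console: Optional[str]     # console disabled shortly before, if any
    message: str               # the raw warning text


def parse_dmesg(text: str) -> List[Tuple[float, str]]:
    """Split dmesg output into (timestamp, message) pairs; skips lines without a prefix."""
    parsed = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if m:
            parsed.append((float(m.group("ts")), m.group("msg")))
    return parsed


def find_pm_underflows(text: str, window: float = 1.0) -> List[Finding]:
    """Report every runtime PM usage count underflow in `text`.

    Each warning is attributed to a console if one was disabled within
    `window` seconds before it and has not been re-enabled since; that is
    the console-handover ordering described for CVE-2022-49613.
    """
    findings: List[Finding] = []
    pending: Optional[Tuple[float, str]] = None  # (ts, console) last disabled
    for ts, msg in parse_dmesg(text):
        cm = CONSOLE_RE.search(msg)
        if cm:
            pending = (ts, cm.group("con")) if cm.group("state") == "disabled" else None
            continue
        um = UNDERFLOW_RE.match(msg)
        if um:
            console = None
            if pending is not None and ts - pending[0] <= window:
                console = pending[1]
            findings.append(Finding(ts, um.group("dev"), console, msg))
    return findings


if __name__ == "__main__":
    # Usage: dmesg | python3 pm_underflow_check.py   (falls back to the sample)
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_DMESG
    for f in find_pm_underflows(data):
        who = f"console {f.console}" if f.console else "no recent console handover"
        print(f"[{f.timestamp:.6f}] {f.device}: PM usage count underflow ({who})")
```

On the sample the script reports one finding at 1.977075 s for device "serial8250 serial8250", attributed to ttyS0. Two caveats for anyone deploying this as a check: kernels older than commit 82586a721595 do not print the warning at all (the description notes v5.18 has the bug without the printout), so absence of a finding there is not evidence of absence; and a warning with no attributed console is still worth a look, since the same underflow class can come from other drivers.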


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-02-26T02:21:30.418Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d982cc4522896dcbe461f

Added to database: 5/21/2025, 9:09:00 AM

Last enriched: 6/29/2025, 11:12:46 PM

Last updated: 8/1/2025, 4:10:27 AM

