CVE-2022-49841: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

serial: imx: Add missing .thaw_noirq hook

The following warning is seen with non-console UART instance when system hibernates.

[   37.371969] ------------[ cut here ]------------
[   37.376599] uart3_root_clk already disabled
[   37.380810] WARNING: CPU: 0 PID: 296 at drivers/clk/clk.c:952 clk_core_disable+0xa4/0xb0
...
[   37.506986] Call trace:
[   37.509432]  clk_core_disable+0xa4/0xb0
[   37.513270]  clk_disable+0x34/0x50
[   37.516672]  imx_uart_thaw+0x38/0x5c
[   37.520250]  platform_pm_thaw+0x30/0x6c
[   37.524089]  dpm_run_callback.constprop.0+0x3c/0xd4
[   37.528972]  device_resume+0x7c/0x160
[   37.532633]  dpm_resume+0xe8/0x230
[   37.536036]  hibernation_snapshot+0x288/0x430
[   37.540397]  hibernate+0x10c/0x2e0
[   37.543798]  state_store+0xc4/0xd0
[   37.547203]  kobj_attr_store+0x1c/0x30
[   37.550953]  sysfs_kf_write+0x48/0x60
[   37.554619]  kernfs_fop_write_iter+0x118/0x1ac
[   37.559063]  new_sync_write+0xe8/0x184
[   37.562812]  vfs_write+0x230/0x290
[   37.566214]  ksys_write+0x68/0xf4
[   37.569529]  __arm64_sys_write+0x20/0x2c
[   37.573452]  invoke_syscall.constprop.0+0x50/0xf0
[   37.578156]  do_el0_svc+0x11c/0x150
[   37.581648]  el0_svc+0x30/0x140
[   37.584792]  el0t_64_sync_handler+0xe8/0xf0
[   37.588976]  el0t_64_sync+0x1a0/0x1a4
[   37.592639] ---[ end trace 56e22eec54676d75 ]---

On hibernating, pm core calls into related hooks in sequence like:

    .freeze
    .freeze_noirq
    .thaw_noirq
    .thaw

With .thaw_noirq hook being absent, the clock will be disabled in an unbalanced call which results in the warning above.

    imx_uart_freeze()
        clk_prepare_enable()
    imx_uart_suspend_noirq()
        clk_disable()
    imx_uart_thaw
        clk_disable_unprepare()

Adding the missing .thaw_noirq hook as imx_uart_resume_noirq() will have the call sequence corrected as below and thus fix the warning.

    imx_uart_freeze()
        clk_prepare_enable()
    imx_uart_suspend_noirq()
        clk_disable()
    imx_uart_resume_noirq()
        clk_enable()
    imx_uart_thaw
        clk_disable_unprepare()
AI Analysis
Technical Summary
CVE-2022-49841 is a vulnerability in the Linux kernel specifically related to the imx UART serial driver. The issue arises from a missing .thaw_noirq hook in the power management (pm) core sequence for handling system hibernation and resume operations. During hibernation, the pm core calls a series of hooks in the following order: .freeze, .freeze_noirq, .thaw_noirq, and .thaw. The imx UART driver implements .freeze, .freeze_noirq, and .thaw hooks but lacks the .thaw_noirq hook, which leads to an unbalanced clock disable call sequence. This manifests as a warning message during system resume from hibernation, indicating that the uart3_root_clk is already disabled and triggering a kernel warning and call trace. The root cause is that the clock disable/enable calls are not properly balanced due to the missing .thaw_noirq hook, which should re-enable the clock before the final .thaw disables and unprepares it. The fix involves adding the missing .thaw_noirq hook (imx_uart_resume_noirq) to correctly balance the clock enable/disable calls during the resume process. This correction prevents the kernel warnings and potential instability during hibernation resume cycles. The vulnerability does not appear to allow direct code execution or privilege escalation but may cause system instability or kernel warnings that could impact system reliability. The affected versions are specific Linux kernel commits identified by their hashes, indicating this is a low-level kernel driver issue. No known exploits are reported in the wild, and no CVSS score has been assigned yet.
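The imbalance described above can be traced with a small user-space model of the clock counters. This is an added example, not kernel code: `struct clk_model`, `run_hibernate_thaw()` and the hook bodies are reduced to the clock calls listed in the description, and the starting state (an idle non-console port with its clock off) is an assumption.

```c
#include <stdio.h>

/* Simplified model of the two counters the clock framework keeps per clock. */
struct clk_model { int prepare_count, enable_count, warnings; };

static void clk_prepare_enable(struct clk_model *c) { c->prepare_count++; c->enable_count++; }
static void clk_enable(struct clk_model *c) { c->enable_count++; }

static void clk_disable(struct clk_model *c)
{
    if (c->enable_count == 0) { /* condition behind "<clk> already disabled" */
        c->warnings++;
        return;                 /* the model leaves the count untouched here */
    }
    c->enable_count--;
}

static void clk_disable_unprepare(struct clk_model *c)
{
    clk_disable(c);
    if (c->prepare_count == 0) c->warnings++; else c->prepare_count--;
}

/* Hook bodies reduced to the clock calls listed in the description. */
static void imx_uart_freeze(struct clk_model *c)        { clk_prepare_enable(c); }
static void imx_uart_suspend_noirq(struct clk_model *c) { clk_disable(c); }
static void imx_uart_resume_noirq(struct clk_model *c)  { clk_enable(c); }
static void imx_uart_thaw(struct clk_model *c)          { clk_disable_unprepare(c); }

/* Walk .freeze, .freeze_noirq, .thaw_noirq, .thaw; return the final state. */
struct clk_model run_hibernate_thaw(int have_thaw_noirq)
{
    struct clk_model c = {0, 0, 0};  /* assumption: idle non-console port, clock off */
    imx_uart_freeze(&c);
    imx_uart_suspend_noirq(&c);
    if (have_thaw_noirq)
        imx_uart_resume_noirq(&c);
    imx_uart_thaw(&c);
    return c;
}

int main(void)
{
    printf("without .thaw_noirq: %d warning(s)\n", run_hibernate_thaw(0).warnings);
    printf("with    .thaw_noirq: %d warning(s)\n", run_hibernate_thaw(1).warnings);
    return 0;
}
```

In this model both sequences end with the counters back at zero; the difference is the single extra `clk_disable()` that finds the enable count already at zero.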
Potential Impact
For European organizations, the impact of this vulnerability is primarily related to system stability and reliability rather than direct security compromise. Systems using affected Linux kernel versions with imx UART drivers—commonly found in embedded devices, industrial control systems, and specialized hardware platforms—may experience kernel warnings or potential crashes during hibernation or suspend/resume cycles. This could lead to unexpected downtime or degraded performance in critical infrastructure, manufacturing environments, or IoT deployments. While it does not directly expose confidentiality or integrity risks, the instability could indirectly affect availability of services relying on these systems. Organizations with embedded Linux devices in sectors such as automotive, telecommunications, or industrial automation in Europe should be aware of this issue. The lack of known exploits reduces immediate risk, but unaddressed kernel warnings could complicate system maintenance and troubleshooting, especially in large-scale deployments.
Mitigation Recommendations
To mitigate this vulnerability, organizations should apply the patch that adds the missing .thaw_noirq hook (imx_uart_resume_noirq) to the imx UART driver in the Linux kernel. This requires updating to a fixed kernel version or backporting the patch if using long-term support kernels. System administrators should verify the kernel version and confirm if the affected commits are present. For embedded or specialized devices, coordinate with hardware vendors or Linux distribution maintainers to obtain updated firmware or kernel packages. Additionally, monitoring system logs for the specific kernel warning messages related to uart3_root_clk during hibernation can help identify affected systems. Avoid relying on hibernation or suspend/resume features on impacted devices until patched, if feasible. Implementing robust kernel update procedures and testing power management features post-update will ensure stability. Since this is a low-level kernel driver issue, generic mitigations like disabling UART devices are impractical; the focus should be on timely patching and system monitoring.
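One way to implement the log check recommended above, as an added example that is not part of the advisory or the kernel: `find_imx_thaw_warning()` is a hypothetical helper that flags a "<clk> already disabled" warning only when its call trace passes through `imx_uart_thaw`, and `SAMPLE_LOG` is constructed from lines quoted in the description.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample, shaped like the trace quoted in the description. */
static const char SAMPLE_LOG[] =
    "[   37.371969] ------------[ cut here ]------------\n"
    "[   37.376599] uart3_root_clk already disabled\n"
    "[   37.380810] WARNING: CPU: 0 PID: 296 at drivers/clk/clk.c:952 clk_core_disable+0xa4/0xb0\n"
    "[   37.506986] Call trace:\n"
    "[   37.509432]  clk_core_disable+0xa4/0xb0\n"
    "[   37.513270]  clk_disable+0x34/0x50\n"
    "[   37.516672]  imx_uart_thaw+0x38/0x5c\n"
    "[   37.592639] ---[ end trace 56e22eec54676d75 ]---\n";

/*
 * Returns 1 and copies the clock name into clk when the log holds an
 * "<clk> already disabled" warning whose trace includes imx_uart_thaw.
 */
int find_imx_thaw_warning(const char *log, char *clk, size_t clk_len)
{
    const char *hit = log;
    if (clk_len == 0)
        return 0;
    while ((hit = strstr(hit, " already disabled")) != NULL) {
        /* The clock name is the token immediately before the marker. */
        const char *start = hit;
        while (start > log && start[-1] != ' ' && start[-1] != '\n')
            start--;
        /* This warning's trace ends at the next "end trace" line, if any. */
        const char *end = strstr(hit, "end trace");
        const char *thaw = strstr(hit, "imx_uart_thaw+");
        if (thaw && (!end || thaw < end)) {
            size_t n = (size_t)(hit - start);
            if (n >= clk_len)
                n = clk_len - 1;
            memcpy(clk, start, n);
            clk[n] = '\0';
            return 1;
        }
        hit++;  /* unrelated clock warning: keep scanning */
    }
    return 0;
}

int main(void)
{
    char clk[64];
    if (find_imx_thaw_warning(SAMPLE_LOG, clk, sizeof clk))
        printf("unbalanced clk_disable in imx_uart_thaw: %s\n", clk);
    return 0;
}
```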
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-05-01T14:05:17.229Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982cc4522896dcbe4df1
Added to database: 5/21/2025, 9:09:00 AM
Last enriched: 6/30/2025, 2:26:21 AM
Last updated: 8/7/2025, 10:15:55 AM