CVE-2022-49132

{"id": "CVE-2022-49132", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-02-26T07:00:50.497", "references": [{"url": "https://git.kernel.org/stable/c/aeed776c00e804a0f7896db39c7c661cea34ee1f", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b4f4c56459a5c744f7f066b9fc2b54ea995030c5", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/f3c5ef433da82d257337424b3647ce9dcb37d4b5", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/fed4cef115ab21a18faf499b3fa9b9a4b544f941", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-908"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nath11k: pci: fix crash on suspend if board file is not found\n\nMario reported that the kernel was crashing on suspend if ath11k was not able\nto find a board file:\n\n[ 473.693286] PM: Suspending system (s2idle)\n[ 473.693291] printk: Suspending console(s) (use no_console_suspend to debug)\n[ 474.407787] BUG: unable to handle page fault for address: 0000000000002070\n[ 474.407791] #PF: supervisor read access in kernel mode\n[ 474.407794] #PF: error_code(0x0000) - not-present page\n[ 474.407798] PGD 0 P4D 0\n[ 474.407801] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ 474.407805] CPU: 2 PID: 2350 Comm: kworker/u32:14 Tainted: G W 5.16.0 #248\n[...]\n[ 474.407868] Call Trace:\n[ 474.407870] <TASK>\n[ 474.407874] ? _raw_spin_lock_irqsave+0x2a/0x60\n[ 474.407882] ? lock_timer_base+0x72/0xa0\n[ 474.407889] ? _raw_spin_unlock_irqrestore+0x29/0x3d\n[ 474.407892] ? try_to_del_timer_sync+0x54/0x80\n[ 474.407896] ath11k_dp_rx_pktlog_stop+0x49/0xc0 [ath11k]\n[ 474.407912] ath11k_core_suspend+0x34/0x130 [ath11k]\n[ 474.407923] ath11k_pci_pm_suspend+0x1b/0x50 [ath11k_pci]\n[ 474.407928] pci_pm_suspend+0x7e/0x170\n[ 474.407935] ? pci_pm_freeze+0xc0/0xc0\n[ 474.407939] dpm_run_callback+0x4e/0x150\n[ 474.407947] __device_suspend+0x148/0x4c0\n[ 474.407951] async_suspend+0x20/0x90\ndmesg-efi-164255130401001:\nOops#1 Part1\n[ 474.407955] async_run_entry_fn+0x33/0x120\n[ 474.407959] process_one_work+0x220/0x3f0\n[ 474.407966] worker_thread+0x4a/0x3d0\n[ 474.407971] kthread+0x17a/0x1a0\n[ 474.407975] ? process_one_work+0x3f0/0x3f0\n[ 474.407979] ? set_kthread_struct+0x40/0x40\n[ 474.407983] ret_from_fork+0x22/0x30\n[ 474.407991] </TASK>\n\nThe issue here is that board file loading happens after ath11k_pci_probe()\nsuccesfully returns (ath11k initialisation happends asynchronously) and the\nsuspend handler is still enabled, of course failing as ath11k is not properly\ninitialised. Fix this by checking ATH11K_FLAG_QMI_FAIL during both suspend and\nresume.\n\nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03003-QCAHSPSWPL_V1_V2_SILICONZ_LITE-2"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ath11k: pci: se corrige el fallo en suspensi\u00f3n si no se encuentra el archivo de la placa Mario inform\u00f3 que el kernel se bloqueaba en suspensi\u00f3n si ath11k no pod\u00eda encontrar un archivo de placa: [ 473.693286] PM: Suspendiendo el sistema (s2idle) [ 473.693291] printk: Suspendiendo consola(s) (use no_console_suspend para depurar) [ 474.407787] ERROR: no se puede manejar el error de p\u00e1gina para la direcci\u00f3n: 0000000000002070 [ 474.407791] #PF: acceso de lectura de supervisor en modo kernel [ 474.407794] #PF: error_code(0x0000) - p\u00e1gina no presente [ 474.407798] PGD 0 P4D 0 [ 474.407801] Ups: 0000 [#1] PREEMPT SMP NOPTI [ 474.407805] CPU: 2 PID: 2350 Comm: kworker/u32:14 Contaminado: GW 5.16.0 #248 [...] [ 474.407868] Rastreo de llamadas: [ 474.407870] [ 474.407874] ? _raw_spin_lock_irqsave+0x2a/0x60 [ 474.407882] ? lock_timer_base+0x72/0xa0 [ 474.407889] ? _raw_spin_unlock_irqrestore+0x29/0x3d [ 474.407892] ? try_to_del_timer_sync+0x54/0x80 [ 474.407896] ath11k_dp_rx_pktlog_stop+0x49/0xc0 [ath11k] [ 474.407912] ath11k_core_suspend+0x34/0x130 [ath11k] [ 474.407923] ath11k_pci_pm_suspend+0x1b/0x50 [ath11k_pci] [ 474.407928] pci_pm_suspend+0x7e/0x170 [ 474.407935] ? pci_pm_freeze+0xc0/0xc0 [ 474.407939] dpm_run_callback+0x4e/0x150 [ 474.407947] __device_suspend+0x148/0x4c0 [ 474.407951] async_suspend+0x20/0x90 dmesg-efi-164255130401001: Ups #1 Parte 1 [ 474.407955] async_run_entry_fn+0x33/0x120 [ 474.407959] process_one_work+0x220/0x3f0 [ 474.407966] worker_thread+0x4a/0x3d0 [ 474.407971] kthread+0x17a/0x1a0 [ 474.407975] ? process_one_work+0x3f0/0x3f0 [ 474.407979] ? set_kthread_struct+0x40/0x40 [ 474.407983] ret_from_fork+0x22/0x30 [ 474.407991] El problema aqu\u00ed es que la carga del archivo de la placa ocurre despu\u00e9s de que ath11k_pci_probe() retorna exitosamente (la inicializaci\u00f3n de ath11k ocurre de manera asincr\u00f3nica) y el controlador de suspensi\u00f3n a\u00fan est\u00e1 habilitado, por supuesto fallando ya que ath11k no est\u00e1 inicializado correctamente. Solucione esto marcando ATH11K_FLAG_QMI_FAIL durante la suspensi\u00f3n y la reanudaci\u00f3n. Probado en: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03003-QCAHSPSWPL_V1_V2_SILICONZ_LITE-2"}], "lastModified": "2025-09-23T18:17:53.660", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4826B343-2301-4772-8D0D-FC9B3661E54E", "versionEndExcluding": "5.15.34", "versionStartIncluding": "5.6"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABBBA66E-0244-4621-966B-9790AF1EEB00", "versionEndExcluding": "5.16.20", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE420AC7-1E59-4398-B84F-71F4B4337762", "versionEndExcluding": "5.17.3", "versionStartIncluding": "5.17"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}