CVE-2022-49175
📋 TL;DR
This CVE describes a race condition vulnerability in the Linux kernel's power management subsystem: device_pm_check_callbacks() uses spin_lock_irq()/spin_unlock_irq() instead of the spin_lock_irqsave()/spin_unlock_irqrestore() variants, potentially corrupting interrupt flags when it is called with a spinlock already held. This affects Linux systems using generic power domains (genpd) with spinlocks rather than mutexes.
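The flag handling described above, modelled in user-space C as an added example (not kernel code and not taken from the fix commits). The `model_*` helpers, `check_callbacks_*` and `run_under_outer_lock` are hypothetical names standing in for the kernel primitives, and the CPU interrupt flag is a plain boolean.

```c
#include <stdbool.h>
#include <stdio.h>
static bool irqs_enabled = true; /* constructed model of one CPU's IRQ-enable flag */
static int restore_warnings;     /* modelled irqflag-debug warnings */
/* Models spin_lock_irqsave(): save the current state, then disable IRQs. */
static bool model_lock_irqsave(void)
{
    bool flags = irqs_enabled;
    irqs_enabled = false;
    return flags;
}
/* Models spin_unlock_irqrestore(): warn if IRQs are already on at restore. */
static void model_unlock_irqrestore(bool flags)
{
    if (irqs_enabled) {
        restore_warnings++;
        puts("raw_local_irq_restore() called with IRQs enabled");
    }
    irqs_enabled = flags;
}

/* Before the fix: the _irq pair assumes IRQs were enabled on entry. */
static void check_callbacks_irq(void)
{
    irqs_enabled = false; /* spin_lock_irq() */
    irqs_enabled = true;  /* spin_unlock_irq() enables unconditionally */
}
/* After the fix: the caller's interrupt state is put back as it was. */
static void check_callbacks_irqsave(void)
{
    bool flags = model_lock_irqsave();
    model_unlock_irqrestore(flags);
}

/* Outer caller holding an irqsave spinlock; true if IRQs stayed off inside. */
static bool run_under_outer_lock(void (*inner)(void))
{
    bool flags = model_lock_irqsave();
    inner();
    bool still_disabled = !irqs_enabled;
    model_unlock_irqrestore(flags);
    return still_disabled;
}

int main(void)
{
    printf("before fix, IRQs stay off: %d\n", run_under_outer_lock(check_callbacks_irq));
    printf("after fix, IRQs stay off: %d\n", run_under_outer_lock(check_callbacks_irqsave));
    return 0;
}
```

The first call leaves interrupts enabled while the outer lock is still held and produces the warning text this page lists under log indicators; the second does not.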
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic or system crash due to interrupt state corruption, leading to denial of service.
Likely Case
System instability, kernel warnings, or occasional crashes during device power management operations.
If Mitigated
Minor performance impact from proper interrupt handling with no security compromise.
🎯 Exploit Status
Exploitation requires local access and specific timing conditions to trigger the race condition. Primarily a stability issue rather than a security vulnerability for privilege escalation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 0cccf9d4fb45f1acbc0bbf6d7e4d8d0fb7a10416, 2add538e57a2825c61d639260386f385c75e4166, 3ec80d52b9b74b9e691997632a543c73eddfeba0, 524bb1da785a7ae43dd413cd392b5071c6c367f8, 78c4d68b952f5f537788dbd454031ea9bf50f642
Vendor Advisory: https://git.kernel.org/stable/c/0cccf9d4fb45f1acbc0bbf6d7e4d8d0fb7a10416
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix.
2. Check your distribution's security advisories for backported patches.
3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable genpd spinlock usage
Configure generic power domains to use mutexes instead of spinlocks if possible
echo 'options genpd use_mutexes=1' > /etc/modprobe.d/genpd.conf
🧯 If You Can't Patch
- Monitor system logs for 'raw_local_irq_restore() called with IRQs enabled' warnings
- Restrict local user access to systems where stability is critical
🔍 How to Verify
Check if Vulnerable:
Check kernel version and look for the warning 'raw_local_irq_restore() called with IRQs enabled' in dmesg or system logs during device attachment operations.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes one of the fix commits and monitor for absence of the IRQ warning in logs.
📡 Detection & Monitoring
Log Indicators:
- 'raw_local_irq_restore() called with IRQs enabled' warning in kernel logs
- 'WARNING: CPU:' messages related to irqflag-debug.c
Network Indicators:
- None - this is a local kernel issue
SIEM Query:
source="kernel" AND "raw_local_irq_restore() called with IRQs enabled"
🔗 References
- https://git.kernel.org/stable/c/0cccf9d4fb45f1acbc0bbf6d7e4d8d0fb7a10416
- https://git.kernel.org/stable/c/2add538e57a2825c61d639260386f385c75e4166
- https://git.kernel.org/stable/c/3ec80d52b9b74b9e691997632a543c73eddfeba0
- https://git.kernel.org/stable/c/524bb1da785a7ae43dd413cd392b5071c6c367f8
- https://git.kernel.org/stable/c/78c4d68b952f5f537788dbd454031ea9bf50f642
- https://git.kernel.org/stable/c/be8bc05f38d667eda1e820bc6f69234795be7809
- https://git.kernel.org/stable/c/c29642ba72f87c0a3d7449f7db5d6d76a7ed53c3
- https://git.kernel.org/stable/c/c7c0ec5a1dcc3eaa1e85c804c2ccf46e457788a3
- https://git.kernel.org/stable/c/ede1ef1a7de973321699736ef96d01a4b9a6fe9e