CVE-2022-49624
📋 TL;DR
This vulnerability in the Linux kernel's Atlantic network driver causes a system hang when resuming from S3 sleep state due to improper cleanup function calls. It affects systems using the atlantic network driver, primarily those with Qualcomm/Aquantia network cards that suspend/resume functionality. The issue leads to denial of service during system resume operations.
💻 Affected Systems
- Linux kernel with atlantic network driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
System becomes completely unresponsive during resume from sleep, requiring hard reboot and potentially causing data loss or filesystem corruption.
Likely Case
System hangs when resuming from S3 sleep state, requiring manual power cycle and interrupting normal operations.
If Mitigated
No impact if systems don't use suspend/resume functionality or if patched kernel is used.
🎯 Exploit Status
This is a reliability bug rather than a security vulnerability that can be exploited for privilege escalation or remote access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits 2e15c51fefaffaf9f72255eaef4fada05055e4c5, 58c90993933e7a76305519bc70da8c0cd2907c1f, 702419db7ded2e3686fbc05040b61d7428d611d5, or c2978d0124f26e453ed30fda6a37f62d8c7f19cb
Vendor Advisory: https://git.kernel.org/stable/c/2e15c51fefaffaf9f72255eaef4fada05055e4c5
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. For distributions: Use package manager (apt/yum/dnf) to update kernel package. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable suspend/resume functionality
linuxPrevent system from entering S3 sleep state to avoid triggering the bug
echo 'deep' > /sys/power/mem_sleep
systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target
Blacklist atlantic driver
linuxPrevent loading of vulnerable driver (will disable network functionality for affected cards)
echo 'blacklist atlantic' >> /etc/modprobe.d/blacklist.conf
update-initramfs -u
reboot
🧯 If You Can't Patch
- Disable system suspend functionality entirely
- Replace affected network hardware with different brand/model
🔍 How to Verify
Check if Vulnerable:
Check if atlantic module is loaded and kernel version is before fix: lsmod | grep atlantic && uname -rCheck Version:
uname -rVerify Fix Applied:
Check kernel version includes fix commits or test suspend/resume functionality after patch📡 Detection & Monitoring
Log Indicators:
- Kernel logs showing 'PM: failed to resume async: error -110'
- Call traces involving aq_nic_deinit during resume
Network Indicators:
- None - this is a local system issue
SIEM Query:
source="kernel" AND "PM: failed to resume async: error -110" OR "aq_nic_deinit"