CVE-2022-49192

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-49192

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49192.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-49192

Related

Published

2025-02-26T07:00:56Z

Modified

2025-02-26T07:00:56Z

Downstream

SUSE-SU-2025:1176-1

SUSE-SU-2025:1241-1

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

drivers: ethernet: cpsw: fix panic when interrupt coaleceing is set via ethtool

cpswethtoolbegin directly returns the result of pmruntimegetsync when successful. pmruntimegetsync returns -error code on failure and 0 on successful resume but also 1 when the device is already active. So the common case for cpswethtoolbegin is to return 1. That leads to inconsistent calls to pmruntimeput in the call-chain so that pmruntimeput is called one too many times and as result leaving the cpsw dev behind suspended.

The suspended cpsw dev leads to an access violation later on by different parts of the cpsw driver.

Fix this by calling the return-friendly pmruntimeresumeandget function.

References

Affected packages

Debian:12 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.17.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.17.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}