CVE-2022-3111 in Linux
Summary
by MITRE • 12/15/2022
An issue was discovered in the Linux kernel through 5.16-rc6. free_charger_irq() in drivers/power/supply/wm8350_power.c lacks free of WM8350_IRQ_CHG_FAST_RDY, which is registered in wm8350_init_charger().
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 06/21/2025
The vulnerability identified as CVE-2022-3111 represents a resource management flaw within the Linux kernel's power supply subsystem, specifically affecting versions through 5.16-rc6. This issue manifests in the wm8350_power driver where the free_charger_irq() function fails to properly release the WM8350_IRQ_CHG_FAST_RDY interrupt resource that was previously registered during the charger initialization process. The root cause stems from incomplete cleanup operations in the driver's interrupt handling mechanism, creating a potential resource leak scenario that could impact system stability and resource utilization.
This technical flaw falls under the category of improper cleanup or resource leak vulnerabilities, which are commonly classified as CWE-404: Improper Resource Release or Unlocking. The issue occurs within the wm8350_power.c driver file where the charger initialization function wm8350_init_charger() properly registers the WM8350_IRQ_CHG_FAST_RDY interrupt, but the corresponding cleanup function free_charger_irq() neglects to unregister this specific interrupt. This creates a situation where interrupt resources remain allocated even when the charger subsystem is no longer actively using them, leading to potential resource exhaustion over time or system instability during driver reinitialization scenarios.
The operational impact of this vulnerability extends beyond simple resource waste, as it can contribute to broader system reliability issues within embedded systems and mobile devices that utilize the WM8350 power management chip. When interrupt resources are not properly released, the system may experience degraded performance, increased memory consumption, or even potential system crashes during driver reload operations. The vulnerability is particularly concerning in environments where power management subsystems are frequently initialized and terminated, as the accumulated resource leaks could eventually lead to system instability or denial of service conditions.
From a cybersecurity perspective, this vulnerability aligns with ATT&CK technique T1547.004: "Boot or Logon Autostart Execution - Winlogon Helper DLL" in its potential to create persistent resource consumption issues, though in this case the impact is more subtle and related to interrupt handling rather than malicious execution. The vulnerability demonstrates how seemingly minor cleanup oversights in kernel drivers can create lasting operational impacts. System administrators and embedded developers should consider this issue when evaluating power management subsystems, particularly in devices that rely heavily on battery charging and power regulation capabilities. The fix requires ensuring that all registered interrupts are properly unregistered during driver cleanup operations, following established kernel development practices for interrupt management.
The remediation approach involves modifying the free_charger_irq() function to include proper cleanup of the WM8350_IRQ_CHG_FAST_RDY interrupt resource, ensuring that all previously registered interrupts are released when the charger subsystem is shut down. This aligns with kernel development best practices for resource management and follows the principle of least privilege and proper resource lifecycle management. The fix should be implemented in conjunction with comprehensive testing to verify that interrupt handling remains functional after the cleanup operations, ensuring no regression in power management capabilities while addressing the resource leak vulnerability.