CVE-2022-49192 in Linux
Summary
by MITRE • 02/26/2025
In the Linux kernel, the following vulnerability has been resolved:
drivers: ethernet: cpsw: fix panic when interrupt coaleceing is set via ethtool
cpsw_ethtool_begin directly returns the result of pm_runtime_get_sync when successful. pm_runtime_get_sync returns -error code on failure and 0 on successful resume but also 1 when the device is already active. So the common case for cpsw_ethtool_begin is to return 1. That leads to inconsistent calls to pm_runtime_put in the call-chain so that pm_runtime_put is called one too many times and as result leaving the cpsw dev behind suspended.
The suspended cpsw dev leads to an access violation later on by different parts of the cpsw driver.
Fix this by calling the return-friendly pm_runtime_resume_and_get function.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 10/21/2025
The vulnerability identified as CVE-2022-49192 represents a critical runtime power management issue within the Linux kernel's CPSW (CPSW Ethernet) driver component. This flaw manifests as a kernel panic that occurs when interrupt coalescing parameters are adjusted through the ethtool utility interface. The root cause lies in the improper handling of power management runtime states within the driver's ethtool implementation, specifically within the cpsw_ethtool_begin function that manages the device's power runtime context.
The technical flaw stems from a fundamental misunderstanding of how pm_runtime_get_sync function behaves in the Linux kernel's power management subsystem. When pm_runtime_get_sync successfully resumes a device, it returns zero, but when the device is already active, it returns one. The original code incorrectly interpreted this return value, treating both zero and one as successful cases without proper distinction. This inconsistency creates a cascading effect where the power management subsystem receives an incorrect count of active references, leading to an imbalance in the reference counting mechanism that governs device power states.
The operational impact of this vulnerability extends beyond simple system instability, creating conditions that can result in kernel panics and system crashes. When the CPSW driver attempts to access suspended device resources later in its execution flow, the access violations occur because the device remains in an inconsistent power state. This vulnerability directly affects network connectivity and system stability for devices utilizing the CPSW Ethernet driver, particularly those that dynamically adjust interrupt coalescing parameters during runtime operations. The issue becomes particularly problematic in embedded systems and network appliances where continuous network operation is critical.
The fix implemented addresses this vulnerability by replacing the problematic pm_runtime_get_sync call with pm_runtime_resume_and_get, which provides a more robust and consistent interface for managing device power states. This change ensures proper reference counting and prevents the over-incrementing of device references that was causing the power management subsystem to leave the device in a suspended state. The solution aligns with established best practices for power management in Linux kernel drivers and follows the principles outlined in CWE-665: Improper Initialization and CWE-399: Resource Management Errors. This remediation also addresses potential ATT&CK techniques related to privilege escalation and system stability compromise, as the vulnerability could be exploited to cause denial of service conditions that impact network availability and system reliability. The corrected implementation ensures that device power management operations maintain proper state consistency throughout the driver's execution flow, preventing the cascading failures that led to the original panic conditions.