CVE-2022-49265 in Linux
Summary
by MITRE • 02/26/2025
In the Linux kernel, the following vulnerability has been resolved:
PM: domains: Fix sleep-in-atomic bug caused by genpd_debug_remove()
When a genpd with GENPD_FLAG_IRQ_SAFE gets removed, the following sleep-in-atomic bug will be seen, as genpd_debug_remove() will be called with a spinlock being held.
[ 0.029183] BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1460
[ 0.029204] in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 1, name: swapper/0
[ 0.029219] preempt_count: 1, expected: 0
[ 0.029230] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 5.17.0-rc4+ #489
[ 0.029245] Hardware name: Thundercomm TurboX CM2290 (DT)
[ 0.029256] Call trace:
[ 0.029265] dump_backtrace.part.0+0xbc/0xd0
[ 0.029285] show_stack+0x3c/0xa0
[ 0.029298] dump_stack_lvl+0x7c/0xa0
[ 0.029311] dump_stack+0x18/0x34
[ 0.029323] __might_resched+0x10c/0x13c
[ 0.029338] __might_sleep+0x4c/0x80
[ 0.029351] down_read+0x24/0xd0
[ 0.029363] lookup_one_len_unlocked+0x9c/0xcc
[ 0.029379] lookup_positive_unlocked+0x10/0x50
[ 0.029392] debugfs_lookup+0x68/0xac
[ 0.029406] genpd_remove.part.0+0x12c/0x1b4
[ 0.029419] of_genpd_remove_last+0xa8/0xd4
[ 0.029434] psci_cpuidle_domain_probe+0x174/0x53c
[ 0.029449] platform_probe+0x68/0xe0
[ 0.029462] really_probe+0x190/0x430
[ 0.029473] __driver_probe_device+0x90/0x18c
[ 0.029485] driver_probe_device+0x40/0xe0
[ 0.029497] __driver_attach+0xf4/0x1d0
[ 0.029508] bus_for_each_dev+0x70/0xd0
[ 0.029523] driver_attach+0x24/0x30
[ 0.029534] bus_add_driver+0x164/0x22c
[ 0.029545] driver_register+0x78/0x130
[ 0.029556] __platform_driver_register+0x28/0x34
[ 0.029569] psci_idle_init_domains+0x1c/0x28
[ 0.029583] do_one_initcall+0x50/0x1b0
[ 0.029595] kernel_init_freeable+0x214/0x280
[ 0.029609] kernel_init+0x2c/0x13c
[ 0.029622] ret_from_fork+0x10/0x20
It doesn't seem necessary to call genpd_debug_remove() with the lock, so move it out from locking to fix the problem.
Analysis
by VulDB Data Team • 10/21/2025
CVE-2022-49265 is a critical sleep-in-atomic bug in the Linux kernel's power management subsystem, specifically the generic power domain (genpd) framework. It manifests when a power domain carrying the GENPD_FLAG_IRQ_SAFE flag is removed and causes a kernel panic because a function that may sleep is called in an atomic execution context: genpd_debug_remove() is invoked while a spinlock is held, which violates a fundamental kernel safety rule. The kernel's locking checks detect the violation and emit a BUG message reporting that a sleeping function was called from an invalid context, with in_atomic() true, interrupts disabled and a nonzero preempt count (1, where 0 is expected). This breaks the kernel's atomic execution model, in which certain code paths must never block or sleep, since doing so can lead to system instability, deadlocks or data corruption.
Technically, the bug arises from the interaction between the power management subsystem and the kernel's debug filesystem (debugfs). When a generic power domain is removed, genpd_debug_remove() performs debugfs operations that may sleep, but it does so inside a critical section protected by a spinlock. The call trace shows the sequence: platform driver probing enters psci_cpuidle_domain_probe(), which reaches genpd_remove() through of_genpd_remove_last(), and genpd_remove() calls debugfs_lookup(), whose down_read() trips the sleep check at kernel/locking/rwsem.c:1460 because the system is trying to acquire a semaphore in a state where sleeping is prohibited. This pattern aligns with CWE-367, which addresses Time-of-Check to Time-of-Use (TOCTOU) vulnerabilities, although the defect is more accurately described as improper use of an atomic context. It is a clear violation of the kernel rule that atomic sections must not perform operations that could sleep or block.
The operational impact is severe: the bug can cause immediate system crashes and panics during kernel initialization or power management operations. Systems running affected kernel versions may fail completely when a power domain is removed, particularly embedded devices that depend on power management, such as ARM-based systems that use PSCI (Power State Coordination Interface) for CPU idle management. The boot process itself is affected: the call trace starts in kernel_init_freeable(), so the system cannot complete its initialization sequence. The result is a denial of service in which devices become unresponsive; in embedded systems it could prevent proper operation or even render hardware inoperable. From an attack perspective the bug could potentially be used to cause system instability, but it is primarily an implementation flaw rather than a direct security vulnerability that could be leveraged for privilege escalation or other malicious activity.
The fix for CVE-2022-49265 moves the genpd_debug_remove() call out of the spinlock-protected section so that debugfs operations never run in atomic context. This follows the established kernel practice of separating atomic and non-atomic operations to prevent context violations: the debug removal runs after the lock is released, so synchronization is preserved without violating atomic execution constraints. This approach aligns with ATT&CK framework techniques related to kernel exploitation prevention and system stability maintenance. Organizations should upgrade promptly to kernel versions that include the fix, since the bug affects the fundamental power management capabilities of affected systems. The patch demonstrates a proper understanding of kernel synchronization primitives and of maintaining context integrity during initialization and at runtime. System administrators should prioritize applying the update on all affected systems, particularly embedded Linux distributions and devices that rely on power management features, to prevent system crashes or operational failures.
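To make the before/after ordering concrete, here is an added user-space C model of the kernel's sleep-in-atomic check, not code from the kernel or from the patch. It assumes a simplified preempt count raised by spin_lock(), a might_sleep() that reports when that count is nonzero, and constructed stand-ins named genpd_remove_buggy() and genpd_remove_fixed() for the two call orderings.

```c
#include <stdio.h>

static int preempt_count; /* nonzero means atomic context (in_atomic()) */
static int violations;    /* sleep-in-atomic reports seen so far */

/* Taking a spinlock disables preemption, so the count goes up. */
static void spin_lock(void)   { preempt_count++; }
static void spin_unlock(void) { preempt_count--; }

/* Model of __might_sleep(): the kernel prints the "BUG: sleeping function
 * called from invalid context" line from the trace when in_atomic() is true.
 * The caller argument is only for the message; it is not the kernel's API. */
static void might_sleep(const char *caller)
{
    if (preempt_count != 0) {
        violations++;
        printf("BUG: sleeping function called from invalid context (%s), "
               "preempt_count: %d, expected: 0\n", caller, preempt_count);
    }
}

/* Stand-in for genpd_debug_remove(): its debugfs_lookup() takes an rwsem
 * with down_read(), which may sleep. */
static void genpd_debug_remove(void)
{
    might_sleep("down_read via debugfs_lookup");
}

/* Pre-fix ordering: debug teardown runs while the genpd lock is held.
 * Returns the number of violations this call produced. */
static int genpd_remove_buggy(void)
{
    int before = violations;
    spin_lock();
    genpd_debug_remove();   /* sleeps under the lock: one violation */
    spin_unlock();
    return violations - before;
}

/* Fixed ordering: only the list manipulation stays under the lock; the
 * debugfs teardown moves after spin_unlock(), where sleeping is allowed. */
static int genpd_remove_fixed(void)
{
    int before = violations;
    spin_lock();
    /* ... detach the domain from its lists under the lock ... */
    spin_unlock();
    genpd_debug_remove();   /* outside the critical section: no violation */
    return violations - before;
}
```

Running the buggy ordering reports one violation and the fixed ordering none, which is exactly the distinction the one-line move in the patch makes.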