CVE-2022-49841 in Linux
Summary
by MITRE • 05/01/2025
In the Linux kernel, the following vulnerability has been resolved:
serial: imx: Add missing .thaw_noirq hook
The following warning is seen with non-console UART instance when system hibernates.
[ 37.371969] ------------[ cut here ]------------
[ 37.376599] uart3_root_clk already disabled
[ 37.380810] WARNING: CPU: 0 PID: 296 at drivers/clk/clk.c:952 clk_core_disable+0xa4/0xb0
... [ 37.506986] Call trace:
[ 37.509432] clk_core_disable+0xa4/0xb0
[ 37.513270] clk_disable+0x34/0x50
[ 37.516672] imx_uart_thaw+0x38/0x5c
[ 37.520250] platform_pm_thaw+0x30/0x6c
[ 37.524089] dpm_run_callback.constprop.0+0x3c/0xd4
[ 37.528972] device_resume+0x7c/0x160
[ 37.532633] dpm_resume+0xe8/0x230
[ 37.536036] hibernation_snapshot+0x288/0x430
[ 37.540397] hibernate+0x10c/0x2e0
[ 37.543798] state_store+0xc4/0xd0
[ 37.547203] kobj_attr_store+0x1c/0x30
[ 37.550953] sysfs_kf_write+0x48/0x60
[ 37.554619] kernfs_fop_write_iter+0x118/0x1ac
[ 37.559063] new_sync_write+0xe8/0x184
[ 37.562812] vfs_write+0x230/0x290
[ 37.566214] ksys_write+0x68/0xf4
[ 37.569529] __arm64_sys_write+0x20/0x2c
[ 37.573452] invoke_syscall.constprop.0+0x50/0xf0
[ 37.578156] do_el0_svc+0x11c/0x150
[ 37.581648] el0_svc+0x30/0x140
[ 37.584792] el0t_64_sync_handler+0xe8/0xf0
[ 37.588976] el0t_64_sync+0x1a0/0x1a4
[ 37.592639] ---[ end trace 56e22eec54676d75 ]---
On hibernating, pm core calls into related hooks in sequence like:
.freeze .freeze_noirq .thaw_noirq .thaw
With .thaw_noirq hook being absent, the clock will be disabled in a unbalanced call which results the warning above.
imx_uart_freeze() clk_prepare_enable() imx_uart_suspend_noirq() clk_disable() imx_uart_thaw clk_disable_unprepare()
Adding the missing .thaw_noirq hook as imx_uart_resume_noirq() will have the call sequence corrected as below and thus fix the warning.
imx_uart_freeze() clk_prepare_enable() imx_uart_suspend_noirq() clk_disable() imx_uart_resume_noirq() clk_enable() imx_uart_thaw clk_disable_unprepare()
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 03/14/2026
The vulnerability described in CVE-2022-49841 pertains to a missing power management hook within the Linux kernel's serial driver implementation for i.MX SoC platforms. Specifically, this issue affects the handling of UART (Universal Asynchronous Receiver-Transmitter) devices during system hibernation cycles. The problem manifests when a non-console UART instance is involved, leading to an unbalanced clock disable operation that triggers a kernel warning. The warning indicates that a clock has already been disabled, which suggests improper state management during the hibernation resume sequence. This flaw occurs because the platform's power management framework expects certain hooks to be implemented in a specific order, but the missing .thaw_noirq hook disrupts this expected sequence.
The technical root cause lies in the incorrect implementation of the power management callbacks for the i.MX UART driver. During system hibernation, the kernel's power management core invokes a series of hooks in a defined order including .freeze, .freeze_noirq, .thaw_noirq, and .thaw. The missing .thaw_noirq hook leads to an improper sequence where clock operations are not correctly balanced. When the system resumes from hibernation, the imx_uart_thaw function attempts to disable a clock that has already been disabled by the suspend path, resulting in the warning message and potential system instability. The existing code properly handles the freeze and suspend paths with clk_prepare_enable() and clk_disable() respectively, but fails to correctly manage the resume path through the missing hook.
The operational impact of this vulnerability extends beyond mere warning messages, as it can lead to system instability during hibernation operations and potentially affect device functionality. The issue specifically affects embedded systems using i.MX SoC platforms that rely on serial communication for console or other critical operations. From an ATT&CK perspective, this vulnerability could be leveraged to cause denial of service conditions during system power management events, impacting system availability. The vulnerability aligns with CWE-691, which addresses Insufficient Control Flow Management, as the missing hook causes improper control flow during power state transitions. The improper clock handling during hibernation can result in unpredictable behavior, especially in embedded systems where reliable power management is crucial for device operation.
Mitigation of this vulnerability requires the implementation of the missing .thaw_noirq hook in the i.MX UART driver. The fix involves adding the imx_uart_resume_noirq() function as the .thaw_noirq callback, which ensures that clock operations are properly balanced during the hibernation resume sequence. This correction restores the expected sequence of operations where clk_enable() is called during the resume_noirq phase, followed by clk_disable_unprepare() during the thaw phase. The solution maintains consistency with the power management framework's expectations and prevents the unbalanced clock operations that were causing the warning. System administrators should ensure that affected kernels are updated with patches that include this missing hook implementation, particularly in embedded systems where hibernation functionality is utilized. The fix also aligns with industry best practices for power management in embedded Linux systems and addresses the fundamental control flow issue that was causing the improper clock state management during system transitions.