Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-50202— PM: hibernate: defer device probing when resuming from hibernation

EPSS 0.05% · P16
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-50202

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
PM: hibernate: defer device probing when resuming from hibernation
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: PM: hibernate: defer device probing when resuming from hibernation syzbot is reporting hung task at misc_open() [1], for there is a race window of AB-BA deadlock which involves probe_count variable. Currently wait_for_device_probe() from snapshot_open() from misc_open() can sleep forever with misc_mtx held if probe_count cannot become 0. When a device is probed by hub_event() work function, probe_count is incremented before the probe function starts, and probe_count is decremented after the probe function completed. There are three cases that can prevent probe_count from dropping to 0. (a) A device being probed stopped responding (i.e. broken/malicious hardware). (b) A process emulating a USB device using /dev/raw-gadget interface stopped responding for some reason. (c) New device probe requests keeps coming in before existing device probe requests complete. The phenomenon syzbot is reporting is (b). A process which is holding system_transition_mutex and misc_mtx is waiting for probe_count to become 0 inside wait_for_device_probe(), but the probe function which is called from hub_event() work function is waiting for the processes which are blocked at mutex_lock(&misc_mtx) to respond via /dev/raw-gadget interface. This patch mitigates (b) by deferring wait_for_device_probe() from snapshot_open() to snapshot_write() and snapshot_ioctl(). Please note that the possibility of (b) remains as long as any thread which is emulating a USB device via /dev/raw-gadget interface can be blocked by uninterruptible blocking operations (e.g. mutex_lock()). Please also note that (a) and (c) are not addressed. Regarding (c), we should change the code to wait for only one device which contains the image for resuming from hibernation. I don't know how to address (a), for use of timeout for wait_for_device_probe() might result in loss of user data in the image. Maybe we should require the userland to wait for the image device before opening /dev/snapshot interface.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于设备探测死锁,可能导致系统挂起。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux c751085943362143f84346d274e0011419c84202 ~ 8c90947e5f1801e6c7120021c6ea0f3ad6a4eb91 -
LinuxLinux 2.6.30 -

II. Public POCs for CVE-2022-50202

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2022-50202

登录查看更多情报信息。

Same Patch Batch · Linux · 2025-06-18 · 362 CVEs total

CVE-2022-50103sched, cpuset: Fix dl_cpu_busy() panic due to empty cs->cpus_allowed
CVE-2022-50114net: 9p: fix refcount leak in p9_read_work() error handling
CVE-2022-50113ASoc: audio-graph-card2: Fix refcount leak bug in __graph_get_type()
CVE-2022-50112rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge
CVE-2022-50111ASoC: mt6359: Fix refcount leak bug
CVE-2022-50110watchdog: sp5100_tco: Fix a memory leak of EFCH MMIO resource
CVE-2022-50109video: fbdev: amba-clcd: Fix refcount leak bugs
CVE-2022-50108mfd: max77620: Fix refcount leak in max77620_initialise_fps
CVE-2022-50106powerpc/cell/axon_msi: Fix refcount leak in setup_msi_msg_address
CVE-2022-50107cifs: Fix memory leak when using fscache
CVE-2022-50105powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader
CVE-2022-50104powerpc/xive: Fix refcount leak in xive_get_max_prio
CVE-2022-50098scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts
CVE-2022-50093iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE)
CVE-2022-50095posix-cpu-timers: Cleanup CPU timers before freeing them during exec
CVE-2022-50094spmi: trace: fix stack-out-of-bound access in SPMI tracing functions
CVE-2022-50096x86/kprobes: Update kcb status flag after singlestepping
CVE-2022-50097video: fbdev: s3fb: Check the size of screen before memset_io()
CVE-2022-50100sched/core: Do not requeue task on CPU excluded from cpus_mask
CVE-2022-50102video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock()

Showing top 20 of 362 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Linux
Same vendor: Linux

V. Comments for CVE-2022-50202

No comments yet

Leave a comment