CVE-2022-49132

[ 473.693286] PM: Suspending system (s2idle) [ 473.693291] printk: Suspending console(s) (use noconsolesuspend to debug) [ 474.407787] BUG: unable to handle page fault for address: 0000000000002070 [ 474.407791] #PF: supervisor read access in kernel mode [ 474.407794] #PF: errorcode(0x0000) - not-present page [ 474.407798] PGD 0 P4D 0 [ 474.407801] Oops: 0000 [#1] PREEMPT SMP NOPTI [ 474.407805] CPU: 2 PID: 2350 Comm: kworker/u32:14 Tainted: G W 5.16.0 #248 [...] [ 474.407868] Call Trace: [ 474.407870] <TASK> [ 474.407874] ? _rawspinlockirqsave+0x2a/0x60 [ 474.407882] ? locktimerbase+0x72/0xa0 [ 474.407889] ? rawspinunlockirqrestore+0x29/0x3d [ 474.407892] ? trytodeltimersync+0x54/0x80 [ 474.407896] ath11kdprxpktlogstop+0x49/0xc0 [ath11k] [ 474.407912] ath11kcoresuspend+0x34/0x130 [ath11k] [ 474.407923] ath11kpcipmsuspend+0x1b/0x50 [ath11kpci] [ 474.407928] pcipmsuspend+0x7e/0x170 [ 474.407935] ? pcipmfreeze+0xc0/0xc0 [ 474.407939] dpmruncallback+0x4e/0x150 [ 474.407947] _devicesuspend+0x148/0x4c0 [ 474.407951] asyncsuspend+0x20/0x90 dmesg-efi-164255130401001: Oops#1 Part1 [ 474.407955] asyncrunentryfn+0x33/0x120 [ 474.407959] processonework+0x220/0x3f0 [ 474.407966] workerthread+0x4a/0x3d0 [ 474.407971] kthread+0x17a/0x1a0 [ 474.407975] ? processonework+0x3f0/0x3f0 [ 474.407979] ? setkthreadstruct+0x40/0x40 [ 474.407983] retfrom_fork+0x22/0x30 [ 474.407991] </TASK>

The issue here is that board file loading happens after ath11kpciprobe() succesfully returns (ath11k initialisation happends asynchronously) and the suspend handler is still enabled, of course failing as ath11k is not properly initialised. Fix this by checking ATH11KFLAGQMI_FAIL during both suspend and resume.

Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03003-QCAHSPSWPLV1V2SILICONZLITE-2

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

d5c65159f2895379e11ca13f62feabe93278985d

Fixed

fed4cef115ab21a18faf499b3fa9b9a4b544f941

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

d5c65159f2895379e11ca13f62feabe93278985d

Fixed

f3c5ef433da82d257337424b3647ce9dcb37d4b5

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

d5c65159f2895379e11ca13f62feabe93278985d

Fixed

aeed776c00e804a0f7896db39c7c661cea34ee1f

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

d5c65159f2895379e11ca13f62feabe93278985d

Fixed

b4f4c56459a5c744f7f066b9fc2b54ea995030c5

Affected versions

v5.*

v5.10

v5.10-rc1

v5.10-rc2

v5.10-rc3

v5.10-rc4

v5.10-rc5

v5.10-rc6

v5.10-rc7

v5.11

v5.11-rc1

v5.11-rc2

v5.11-rc3

v5.11-rc4

v5.11-rc5

v5.11-rc6

v5.11-rc7

v5.12

v5.12-rc1

v5.12-rc1-dontuse

v5.12-rc2

v5.12-rc3

v5.12-rc4

v5.12-rc5

v5.12-rc6

v5.12-rc7

v5.12-rc8

v5.13

v5.13-rc1

v5.13-rc2

v5.13-rc3

v5.13-rc4

v5.13-rc5

v5.13-rc6

v5.13-rc7

v5.14

v5.14-rc1

v5.14-rc2

v5.14-rc3

v5.14-rc4

v5.14-rc5

v5.14-rc6

v5.14-rc7

v5.15

v5.15-rc1

v5.15-rc2

v5.15-rc3

v5.15-rc4

v5.15-rc5

v5.15-rc6

v5.15-rc7

v5.15.1

v5.15.10

v5.15.11

v5.15.12

v5.15.13

v5.15.14

v5.15.15

v5.15.16

v5.15.17

v5.15.18

v5.15.19

v5.15.2

v5.15.20

v5.15.21

v5.15.22

v5.15.23

v5.15.24

v5.15.25

v5.15.26

v5.15.27

v5.15.28

v5.15.29

v5.15.3

v5.15.30

v5.15.31

v5.15.32

v5.15.33

v5.15.4

v5.15.5

v5.15.6

v5.15.7

v5.15.8

v5.15.9

v5.16

v5.16-rc1

v5.16-rc2

v5.16-rc3

v5.16-rc4

v5.16-rc5

v5.16-rc6

v5.16-rc7

v5.16-rc8

v5.16.1

v5.16.10

v5.16.11

v5.16.12

v5.16.13

v5.16.14

v5.16.15

v5.16.16

v5.16.17

v5.16.18

v5.16.19

v5.16.2

v5.16.3

v5.16.4

v5.16.5

v5.16.6

v5.16.7

v5.16.8

v5.16.9

v5.17

v5.17-rc1

v5.17-rc2

v5.17-rc3

v5.17-rc4

v5.17-rc5

v5.17-rc6

v5.17-rc7

v5.17-rc8

v5.17.1

v5.17.2

v5.4

v5.4-rc6

v5.4-rc7

v5.4-rc8

v5.5

v5.5-rc1

v5.5-rc2

v5.5-rc3

v5.5-rc4

v5.5-rc5

v5.5-rc6

v5.5-rc7

v5.6

v5.6-rc1

v5.6-rc2

v5.6-rc3

v5.6-rc4

v5.6-rc5

v5.6-rc6

v5.6-rc7

v5.7

v5.7-rc1

v5.7-rc2

v5.7-rc3

v5.7-rc4

v5.7-rc5

v5.7-rc6

v5.7-rc7

v5.8

v5.8-rc1

v5.8-rc2

v5.8-rc3

v5.8-rc4

v5.8-rc5

v5.8-rc6

v5.8-rc7

v5.9

v5.9-rc1

v5.9-rc2

v5.9-rc3

v5.9-rc4

v5.9-rc5

v5.9-rc6

v5.9-rc7

v5.9-rc8

Database specific

vanir_signatures

[
    {
        "id": "CVE-2022-49132-272dda19",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b4f4c56459a5c744f7f066b9fc2b54ea995030c5",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "88832925128698567088346764160475459681",
                "281527576647134202073375568491727842422",
                "64207412618424575027680607275252850484",
                "269004578257681199716055898747960608015",
                "111783634103466129328447654924094951613",
                "17237773550206849624259733958411548856"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_type": "Line",
        "target": {
            "file": "drivers/net/wireless/ath/ath11k/pci.c"
        }
    },
    {
        "id": "CVE-2022-49132-4a7f9d73",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f3c5ef433da82d257337424b3647ce9dcb37d4b5",
        "signature_version": "v1",
        "digest": {
            "length": 197.0,
            "function_hash": "274352960104413565507433628951086324520"
        },
        "deprecated": false,
        "signature_type": "Function",
        "target": {
            "function": "ath11k_pci_pm_suspend",
            "file": "drivers/net/wireless/ath/ath11k/pci.c"
        }
    },
    {
        "id": "CVE-2022-49132-534603c4",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@aeed776c00e804a0f7896db39c7c661cea34ee1f",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "88832925128698567088346764160475459681",
                "281527576647134202073375568491727842422",
                "64207412618424575027680607275252850484",
                "269004578257681199716055898747960608015",
                "111783634103466129328447654924094951613",
                "17237773550206849624259733958411548856"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_type": "Line",
        "target": {
            "file": "drivers/net/wireless/ath/ath11k/pci.c"
        }
    },
    {
        "id": "CVE-2022-49132-72521fdb",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@aeed776c00e804a0f7896db39c7c661cea34ee1f",
        "signature_version": "v1",
        "digest": {
            "length": 196.0,
            "function_hash": "112618126440754824902436528906742190994"
        },
        "deprecated": false,
        "signature_type": "Function",
        "target": {
            "function": "ath11k_pci_pm_resume",
            "file": "drivers/net/wireless/ath/ath11k/pci.c"
        }
    },
    {
        "id": "CVE-2022-49132-817d7efd",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fed4cef115ab21a18faf499b3fa9b9a4b544f941",
        "signature_version": "v1",
        "digest": {
            "length": 196.0,
            "function_hash": "112618126440754824902436528906742190994"
        },
        "deprecated": false,
        "signature_type": "Function",
        "target": {
            "function": "ath11k_pci_pm_resume",
            "file": "drivers/net/wireless/ath/ath11k/pci.c"
        }
    },
    {
        "id": "CVE-2022-49132-8b38ff5c",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@aeed776c00e804a0f7896db39c7c661cea34ee1f",
        "signature_version": "v1",
        "digest": {
            "length": 197.0,
            "function_hash": "274352960104413565507433628951086324520"
        },
        "deprecated": false,
        "signature_type": "Function",
        "target": {
            "function": "ath11k_pci_pm_suspend",
            "file": "drivers/net/wireless/ath/ath11k/pci.c"
        }
    },
    {
        "id": "CVE-2022-49132-a011deb5",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fed4cef115ab21a18faf499b3fa9b9a4b544f941",
        "signature_version": "v1",
        "digest": {
            "length": 197.0,
            "function_hash": "274352960104413565507433628951086324520"
        },
        "deprecated": false,
        "signature_type": "Function",
        "target": {
            "function": "ath11k_pci_pm_suspend",
            "file": "drivers/net/wireless/ath/ath11k/pci.c"
        }
    },
    {
        "id": "CVE-2022-49132-a4e4f6de",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b4f4c56459a5c744f7f066b9fc2b54ea995030c5",
        "signature_version": "v1",
        "digest": {
            "length": 196.0,
            "function_hash": "112618126440754824902436528906742190994"
        },
        "deprecated": false,
        "signature_type": "Function",
        "target": {
            "function": "ath11k_pci_pm_resume",
            "file": "drivers/net/wireless/ath/ath11k/pci.c"
        }
    },
    {
        "id": "CVE-2022-49132-adcebe93",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fed4cef115ab21a18faf499b3fa9b9a4b544f941",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "88832925128698567088346764160475459681",
                "281527576647134202073375568491727842422",
                "64207412618424575027680607275252850484",
                "269004578257681199716055898747960608015",
                "111783634103466129328447654924094951613",
                "17237773550206849624259733958411548856"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_type": "Line",
        "target": {
            "file": "drivers/net/wireless/ath/ath11k/pci.c"
        }
    },
    {
        "id": "CVE-2022-49132-b51b4d7b",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b4f4c56459a5c744f7f066b9fc2b54ea995030c5",
        "signature_version": "v1",
        "digest": {
            "length": 197.0,
            "function_hash": "274352960104413565507433628951086324520"
        },
        "deprecated": false,
        "signature_type": "Function",
        "target": {
            "function": "ath11k_pci_pm_suspend",
            "file": "drivers/net/wireless/ath/ath11k/pci.c"
        }
    },
    {
        "id": "CVE-2022-49132-b66937d7",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f3c5ef433da82d257337424b3647ce9dcb37d4b5",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "88832925128698567088346764160475459681",
                "281527576647134202073375568491727842422",
                "64207412618424575027680607275252850484",
                "269004578257681199716055898747960608015",
                "111783634103466129328447654924094951613",
                "17237773550206849624259733958411548856"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_type": "Line",
        "target": {
            "file": "drivers/net/wireless/ath/ath11k/pci.c"
        }
    },
    {
        "id": "CVE-2022-49132-f8de2eec",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f3c5ef433da82d257337424b3647ce9dcb37d4b5",
        "signature_version": "v1",
        "digest": {
            "length": 196.0,
            "function_hash": "112618126440754824902436528906742190994"
        },
        "deprecated": false,
        "signature_type": "Function",
        "target": {
            "function": "ath11k_pci_pm_resume",
            "file": "drivers/net/wireless/ath/ath11k/pci.c"
        }
    }
]

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.6.0

Fixed

5.15.34

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

5.16.20

Type: ECOSYSTEM
Events: Introduced

5.17.0

Fixed

5.17.3