In the Linux kernel, the following vulnerability has been resolved:
ath11k: fix the warning of dev_wake in mhi_pm_disable_transition()
When testing device recovery with the commands below, a warning appears in the kernel log as shown below.
echo assert > /sys/kernel/debug/ath11k/wcn6855\ hw2.0/simulate_fw_crash
echo assert > /sys/kernel/debug/ath11k/qca6390\ hw2.0/simulate_fw_crash
warning message:
[ 1965.642121] ath11k_pci 0000:06:00.0: simulating firmware assert crash
[ 1968.471364] ieee80211 phy0: Hardware restart was requested
[ 1968.511305] ------------[ cut here ]------------
[ 1968.511368] WARNING: CPU: 3 PID: 1546 at drivers/bus/mhi/core/pm.c:505 mhi_pm_disable_transition+0xb37/0xda0 [mhi]
[ 1968.511443] Modules linked in: ath11k_pci ath11k mac80211 libarc4 cfg80211 qmi_helpers qrtr_mhi mhi qrtr nvme nvme_core
[ 1968.511563] CPU: 3 PID: 1546 Comm: kworker/u17:0 Kdump: loaded Tainted: G W 5.17.0-rc3-wt-ath+ #579
[ 1968.511629] Hardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS HNKBLi70.86A.0067.2021.0528.1339 05/28/2021
[ 1968.511704] Workqueue: mhi_hiprio_wq mhi_pm_st_worker [mhi]
[ 1968.511787] RIP: 0010:mhi_pm_disable_transition+0xb37/0xda0 [mhi]
[ 1968.511870] Code: a9 fe ff ff 4c 89 ff 44 89 04 24 e8 03 46 f6 e5 44 8b 04 24 41 83 f8 01 0f 84 21 fe ff ff e9 4c fd ff ff 0f 0b e9 af f8 ff ff <0f> 0b e9 5c f8 ff ff 48 89 df e8 da 9e ee e3 e9 12 fd ff ff 4c 89
[ 1968.511923] RSP: 0018:ffffc900024efbf0 EFLAGS: 00010286
[ 1968.511969] RAX: 00000000ffffffff RBX: ffff88811d241250 RCX: ffffffffc0176922
[ 1968.512014] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff888118a90a24
[ 1968.512059] RBP: ffff888118a90800 R08: 0000000000000000 R09: ffff888118a90a27
[ 1968.512102] R10: ffffed1023152144 R11: 0000000000000001 R12: ffff888118a908ac
[ 1968.512229] R13: ffff888118a90928 R14: dffffc0000000000 R15: ffff888118a90a24
[ 1968.512310] FS: 0000000000000000(0000) GS:ffff888234200000(0000) knlGS:0000000000000000
[ 1968.512405] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1968.512493] CR2: 00007f5538f443a8 CR3: 000000016dc28001 CR4: 00000000003706e0
[ 1968.512587] Call Trace:
[ 1968.512672] <TASK>
[ 1968.512751] ? _raw_spin_unlock_irq+0x1f/0x40
[ 1968.512859] mhi_pm_st_worker+0x3ac/0x790 [mhi]
[ 1968.512959] ? mhi_pm_mission_mode_transition.isra.0+0x7d0/0x7d0 [mhi]
[ 1968.513063] process_one_work+0x86a/0x1400
[ 1968.513184] ? pwq_dec_nr_in_flight+0x230/0x230
[ 1968.513312] ? move_linked_works+0x125/0x290
[ 1968.513416] worker_thread+0x6db/0xf60
[ 1968.513536] ? process_one_work+0x1400/0x1400
[ 1968.513627] kthread+0x241/0x2d0
[ 1968.513733] ? kthread_complete_and_exit+0x20/0x20
[ 1968.513821] ret_from_fork+0x22/0x30
[ 1968.513924] </TASK>
The reason is that mhi_deassert_dev_wake() from mhi_device_put() is called but mhi_assert_dev_wake() from __mhi_device_get_sync() is not called while recovery is in progress. Commit 8e0559921f9a ("bus: mhi: core: Skip device wake in error or shutdown state") added a check for the pm_state of mhi in __mhi_device_get_sync(), and the pm_state is not the normal state until recovery is completed, so dev_wake ends up not being 0 and the above warning is printed in mhi_pm_disable_transition() while checking mhi_cntrl->dev_wake.
Add a check in ath11k_pci_write32()/ath11k_pci_read32() to skip calling mhi_device_put() if mhi_device_get_sync() does not really do the wake; then the warning is gone.
Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03003-QCAHSPSWPLV1V2SILICONZLITE-2
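The get/put imbalance described in the commit message, as an added example that is not code from the kernel or from the commit. It is a simplified user-space model: every name in it (mhi_model, model_get_sync, model_put, reg_access_*) is hypothetical, and the only behaviour modelled is the dev_wake counter during recovery.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical, simplified model of the MHI wake vote; not kernel code. */
enum pm_state { PM_NORMAL, PM_RECOVERING };

struct mhi_model {
    enum pm_state pm_state;
    int dev_wake;               /* expected to be 0 when the device is disabled */
};

/* Models get_sync after commit 8e0559921f9a: no wake outside the normal state. */
static int model_get_sync(struct mhi_model *m)
{
    if (m->pm_state != PM_NORMAL)
        return -1;              /* wake skipped, counter untouched */
    m->dev_wake++;
    return 0;
}

/* Models put: the deassert always decrements the counter. */
static void model_put(struct mhi_model *m)
{
    m->dev_wake--;
}

/* Before the fix: put runs whether or not get_sync took a wake vote. */
static void reg_access_unbalanced(struct mhi_model *m)
{
    model_get_sync(m);
    /* register read or write would happen here */
    model_put(m);
}

/* After the fix: put runs only when get_sync really did the wake. */
static void reg_access_balanced(struct mhi_model *m)
{
    int ret = model_get_sync(m);
    /* register read or write would happen here */
    if (ret == 0)
        model_put(m);
}

/* Returns dev_wake after n register accesses made in the given state. */
int dev_wake_after(enum pm_state state, int n, bool fixed)
{
    struct mhi_model m = { state, 0 };
    for (int i = 0; i < n; i++) {
        if (fixed)
            reg_access_balanced(&m);
        else
            reg_access_unbalanced(&m);
    }
    return m.dev_wake;
}

int main(void)
{
    printf("recovery, unbalanced: %d\n", dev_wake_after(PM_RECOVERING, 3, false));
    printf("recovery, balanced:   %d\n", dev_wake_after(PM_RECOVERING, 3, true));
    return 0;
}
```

In the model, a non-zero counter after recovery corresponds to the condition that mhi_pm_disable_transition() warns about.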
[
{
"id": "CVE-2022-49543-0d352ccf",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
],
"threshold": 0.9
},
"target": {
"file": "drivers/net/wireless/ath/ath11k/pci.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a2d9b7357469949ad02f511fc69f8fa3a1afbf89",
"signature_type": "Line"
},
{
"id": "CVE-2022-49543-0f9007b3",
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 930.0,
"function_hash": "184488199668043625619485145413977039503"
},
"target": {
"function": "ath11k_pci_read32",
"file": "drivers/net/wireless/ath/ath11k/pci.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a2d9b7357469949ad02f511fc69f8fa3a1afbf89",
"signature_type": "Function"
},
{
"id": "CVE-2022-49543-5433810c",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
],
"threshold": 0.9
},
"target": {
"file": "drivers/net/wireless/ath/ath11k/pci.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5f18206cddae033c488e4879f198699092ca0524",
"signature_type": "Line"
},
{
"id": "CVE-2022-49543-88617b6e",
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 931.0,
"function_hash": "15487147384912932104625172294544366673"
},
"target": {
"function": "ath11k_pci_write32",
"file": "drivers/net/wireless/ath/ath11k/pci.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a2d9b7357469949ad02f511fc69f8fa3a1afbf89",
"signature_type": "Function"
},
{
"id": "CVE-2022-49543-aa23c443",
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 930.0,
"function_hash": "184488199668043625619485145413977039503"
},
"target": {
"function": "ath11k_pci_read32",
"file": "drivers/net/wireless/ath/ath11k/pci.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5f18206cddae033c488e4879f198699092ca0524",
"signature_type": "Function"
},
{
"id": "CVE-2022-49543-ae12f680",
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 931.0,
"function_hash": "15487147384912932104625172294544366673"
},
"target": {
"function": "ath11k_pci_write32",
"file": "drivers/net/wireless/ath/ath11k/pci.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0d7a8a6204ea9271f1d0a8c66a9fd2f54d2e3cbc",
"signature_type": "Function"
},
{
"id": "CVE-2022-49543-d1cb8427",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
],
"threshold": 0.9
},
"target": {
"file": "drivers/net/wireless/ath/ath11k/pci.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0d7a8a6204ea9271f1d0a8c66a9fd2f54d2e3cbc",
"signature_type": "Line"
},
{
"id": "CVE-2022-49543-d31ce6f6",
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 930.0,
"function_hash": "184488199668043625619485145413977039503"
},
"target": {
"function": "ath11k_pci_read32",
"file": "drivers/net/wireless/ath/ath11k/pci.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0d7a8a6204ea9271f1d0a8c66a9fd2f54d2e3cbc",
"signature_type": "Function"
},
{
"id": "CVE-2022-49543-f260fc36",
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 931.0,
"function_hash": "15487147384912932104625172294544366673"
},
"target": {
"function": "ath11k_pci_write32",
"file": "drivers/net/wireless/ath/ath11k/pci.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5f18206cddae033c488e4879f198699092ca0524",
"signature_type": "Function"
}
]