CVE & CISA-KEV Catalog

CVE-2022-49192

MEDIUM
5.5
CVSS v3
NVD

Description

In the Linux kernel, the following vulnerability has been resolved: drivers: ethernet: cpsw: fix panic when interrupt coaleceing is set via ethtool cpsw_ethtool_begin directly returns the result of pm_runtime_get_sync when successful. pm_runtime_get_sync returns -error code on failure and 0 on successful resume but also 1 when the device is already active. So the common case for cpsw_ethtool_begin is to return 1. That leads to inconsistent calls to pm_runtime_put in the call-chain so that pm_runtime_put is called one too many times and as result leaving the cpsw dev behind suspended. The suspended cpsw dev leads to an access violation later on by different parts of the cpsw driver. Fix this by calling the return-friendly pm_runtime_resume_and_get function.

How to fix

Remediation Available
linuxDebian
Fixed in:5.17.3-1CVE-2022-49192
Fixed in:5.17.3-1CVE-2022-49192
Fixed in:5.17.3-1CVE-2022-49192

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityNone
AvailabilityHigh

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploit Intelligence

0.25%probability of exploitation in 30 days
16thpercentile

Low risk: more likely to be exploited than 16% of all known CVEs.

References

Embed a live status badge for CVE-2022-49192
CVE-2022-49192 severity badge

Markdown

[![CVE-2022-49192](https://tridentstack.com/cve/badge/CVE-2022-49192.svg)](https://tridentstack.com/cve/CVE-2022-49192)

HTML

<a href="https://tridentstack.com/cve/CVE-2022-49192"><img src="https://tridentstack.com/cve/badge/CVE-2022-49192.svg" alt="CVE-2022-49192"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-10-21.