{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2022-50491","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-10-04T15:39:19.463Z","datePublished":"2025-10-04T15:43:44.470Z","dateUpdated":"2026-05-11T19:20:30.117Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:20:30.117Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncoresight: cti: Fix hang in cti_disable_hw()\n\ncti_enable_hw() and cti_disable_hw() are called from an atomic context\nso shouldn't use runtime PM because it can result in a sleep when\ncommunicating with firmware.\n\nSince commit 3c6656337852 (\"Revert \"firmware: arm_scmi: Add clock\nmanagement to the SCMI power domain\"\"), this causes a hang on Juno when\nrunning the Perf Coresight tests or running this command:\n\n  perf record -e cs_etm//u -- ls\n\nThis was also missed until the revert commit because pm_runtime_put()\nwas called with the wrong device until commit 692c9a499b28 (\"coresight:\ncti: Correct the parameter for pm_runtime_put\")\n\nWith lock and scheduler debugging enabled the following is output:\n\n   coresight cti_sys0: cti_enable_hw -- dev:cti_sys0  parent: 20020000.cti\n   BUG: sleeping function called from invalid context at drivers/base/power/runtime.c:1151\n   in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 330, name: perf-exec\n   preempt_count: 2, expected: 0\n   RCU nest depth: 0, expected: 0\n   INFO: lockdep is turned off.\n   irq event stamp: 0\n   hardirqs last  enabled at (0): [<0000000000000000>] 0x0\n   hardirqs last disabled at (0): [<ffff80000822b394>] copy_process+0xa0c/0x1948\n   softirqs last  enabled at (0): [<ffff80000822b394>] copy_process+0xa0c/0x1948\n   softirqs last disabled at (0): [<0000000000000000>] 0x0\n   CPU: 3 PID: 330 Comm: perf-exec Not tainted 6.0.0-00053-g042116d99298 #7\n   Hardware name: ARM LTD ARM Juno Development Platform/ARM Juno Development Platform, BIOS EDK II Sep 13 2022\n   Call trace:\n    dump_backtrace+0x134/0x140\n    show_stack+0x20/0x58\n    dump_stack_lvl+0x8c/0xb8\n    dump_stack+0x18/0x34\n    __might_resched+0x180/0x228\n    __might_sleep+0x50/0x88\n    __pm_runtime_resume+0xac/0xb0\n    cti_enable+0x44/0x120\n    coresight_control_assoc_ectdev+0xc0/0x150\n    coresight_enable_path+0xb4/0x288\n    etm_event_start+0x138/0x170\n    etm_event_add+0x48/0x70\n    event_sched_in.isra.122+0xb4/0x280\n    merge_sched_in+0x1fc/0x3d0\n    visit_groups_merge.constprop.137+0x16c/0x4b0\n    ctx_sched_in+0x114/0x1f0\n    perf_event_sched_in+0x60/0x90\n    ctx_resched+0x68/0xb0\n    perf_event_exec+0x138/0x508\n    begin_new_exec+0x52c/0xd40\n    load_elf_binary+0x6b8/0x17d0\n    bprm_execve+0x360/0x7f8\n    do_execveat_common.isra.47+0x218/0x238\n    __arm64_sys_execve+0x48/0x60\n    invoke_syscall+0x4c/0x110\n    el0_svc_common.constprop.4+0xfc/0x120\n    do_el0_svc+0x34/0xc0\n    el0_svc+0x40/0x98\n    el0t_64_sync_handler+0x98/0xc0\n    el0t_64_sync+0x170/0x174\n\nFix the issue by removing the runtime PM calls completely. They are not\nneeded here because it must have already been done when building the\npath for a trace.\n\n[ Fix build warnings ]"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/hwtracing/coresight/coresight-cti-core.c"],"versions":[{"version":"835d722ba10ac924adba1e8a46f2d80955222b4b","lessThan":"e33ce54cef5d429430e3b1ae5c8ee4f4103c4fdc","status":"affected","versionType":"git"},{"version":"835d722ba10ac924adba1e8a46f2d80955222b4b","lessThan":"4c365a0c21aaf2b8fcc88de8dc298803288f61ac","status":"affected","versionType":"git"},{"version":"835d722ba10ac924adba1e8a46f2d80955222b4b","lessThan":"c51cfba50df8b9e16bfe0e6d4f2f252a4a10063d","status":"affected","versionType":"git"},{"version":"835d722ba10ac924adba1e8a46f2d80955222b4b","lessThan":"6746eae4bbaddcc16b40efb33dab79210828b3ce","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/hwtracing/coresight/coresight-cti-core.c"],"versions":[{"version":"5.7","status":"affected"},{"version":"0","lessThan":"5.7","status":"unaffected","versionType":"semver"},{"version":"5.10.154","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.77","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.0.7","lessThanOrEqual":"6.0.*","status":"unaffected","versionType":"semver"},{"version":"6.1","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7","versionEndExcluding":"5.10.154"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7","versionEndExcluding":"5.15.77"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7","versionEndExcluding":"6.0.7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7","versionEndExcluding":"6.1"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/e33ce54cef5d429430e3b1ae5c8ee4f4103c4fdc"},{"url":"https://git.kernel.org/stable/c/4c365a0c21aaf2b8fcc88de8dc298803288f61ac"},{"url":"https://git.kernel.org/stable/c/c51cfba50df8b9e16bfe0e6d4f2f252a4a10063d"},{"url":"https://git.kernel.org/stable/c/6746eae4bbaddcc16b40efb33dab79210828b3ce"}],"title":"coresight: cti: Fix hang in cti_disable_hw()","x_generator":{"engine":"bippy-1.2.0"}}}}