PT-2024-9251 · Linux+3 · Linux Kernel+3
Frank Li · Published 2024-06-20 · Updated 2024-12-04
CVE-2022-48761
CVSS v3.1: 5.3 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 5.15.5
Description:
The vulnerability is in the xhci-plat component of the Linux kernel, which handles USB connections. When the system is suspended with remote wake enabled, it crashes with a synchronous external abort. The problem was previously hidden by the power domain driver, which called runtime resume before suspend; a later commit removed that call and exposed the issue. An attacker can exploit the vulnerability to cause a denial of service.
Recommendations:
To resolve the issue, update the Linux kernel to a version that includes the fix for this vulnerability, specifically the patch that calls runtime resume before suspend so that the clock is on before the register is accessed.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
Astra Linux
Linux Kernel
RED OS
SUSE