PT-2025-8546 · Linux+2 · Linux Kernel+2

Published

2022-06-30

Updated

2025-04-14

CVE-2022-49613

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.18

Description The issue arises in the Linux kernel when the console is enabled, and the univ8250 console setup() function calls serial8250 console setup() before the .dev is set to uart port. This results in pm runtime get sync() not being called, leading to a PM usage count warning when univ8250 console exit() is called later. The problem is triggered by the serial8250 register ports() function not calling pm runtime get sync() when the .dev is set for an uart port with console enabled.

Recommendations To fix the issue, call pm runtime get sync() in serial8250 register ports() as soon as .dev is set for an uart port if it has console enabled.

Exploit

Fix

Improper Access Control

Incorrect Privilege Assignment

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-266CWE-200

Related Identifiers

BDU:2026-03877

CVE-2022-49613

SUSE-SU-2025:1027-1

SUSE-SU-2025:1176-1

SUSE-SU-2025:1183-1

SUSE-SU-2025:1241-1

SUSE-SU-2025_1027-1

SUSE-SU-2025_1241-1

Affected Products

Astra Linux

Linux Kernel

Suse

PT-2025-8546 · Linux+2 · Linux Kernel+2

CVE-2022-49613

Weakness Enumeration

Related Identifiers

Affected Products

References · 1334