{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-24T12:47:21.097","vulnerabilities":[{"cve":{"id":"CVE-2022-50491","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-10-04T16:15:46.073","lastModified":"2026-03-25T00:32:51.827","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncoresight: cti: Fix hang in cti_disable_hw()\n\ncti_enable_hw() and cti_disable_hw() are called from an atomic context\nso shouldn't use runtime PM because it can result in a sleep when\ncommunicating with firmware.\n\nSince commit 3c6656337852 (\"Revert \"firmware: arm_scmi: Add clock\nmanagement to the SCMI power domain\"\"), this causes a hang on Juno when\nrunning the Perf Coresight tests or running this command:\n\n  perf record -e cs_etm//u -- ls\n\nThis was also missed until the revert commit because pm_runtime_put()\nwas called with the wrong device until commit 692c9a499b28 (\"coresight:\ncti: Correct the parameter for pm_runtime_put\")\n\nWith lock and scheduler debugging enabled the following is output:\n\n   coresight cti_sys0: cti_enable_hw -- dev:cti_sys0  parent: 20020000.cti\n   BUG: sleeping function called from invalid context at drivers/base/power/runtime.c:1151\n   in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 330, name: perf-exec\n   preempt_count: 2, expected: 0\n   RCU nest depth: 0, expected: 0\n   INFO: lockdep is turned off.\n   irq event stamp: 0\n   hardirqs last  enabled at (0): [<0000000000000000>] 0x0\n   hardirqs last disabled at (0): [<ffff80000822b394>] copy_process+0xa0c/0x1948\n   softirqs last  enabled at (0): [<ffff80000822b394>] copy_process+0xa0c/0x1948\n   softirqs last disabled at (0): [<0000000000000000>] 0x0\n   CPU: 3 PID: 330 Comm: perf-exec Not tainted 6.0.0-00053-g042116d99298 #7\n   Hardware name: ARM LTD ARM Juno Development Platform/ARM Juno Development Platform, BIOS EDK II Sep 13 2022\n   Call trace:\n    dump_backtrace+0x134/0x140\n    show_stack+0x20/0x58\n    dump_stack_lvl+0x8c/0xb8\n    dump_stack+0x18/0x34\n    __might_resched+0x180/0x228\n    __might_sleep+0x50/0x88\n    __pm_runtime_resume+0xac/0xb0\n    cti_enable+0x44/0x120\n    coresight_control_assoc_ectdev+0xc0/0x150\n    coresight_enable_path+0xb4/0x288\n    etm_event_start+0x138/0x170\n    etm_event_add+0x48/0x70\n    event_sched_in.isra.122+0xb4/0x280\n    merge_sched_in+0x1fc/0x3d0\n    visit_groups_merge.constprop.137+0x16c/0x4b0\n    ctx_sched_in+0x114/0x1f0\n    perf_event_sched_in+0x60/0x90\n    ctx_resched+0x68/0xb0\n    perf_event_exec+0x138/0x508\n    begin_new_exec+0x52c/0xd40\n    load_elf_binary+0x6b8/0x17d0\n    bprm_execve+0x360/0x7f8\n    do_execveat_common.isra.47+0x218/0x238\n    __arm64_sys_execve+0x48/0x60\n    invoke_syscall+0x4c/0x110\n    el0_svc_common.constprop.4+0xfc/0x120\n    do_el0_svc+0x34/0xc0\n    el0_svc+0x40/0x98\n    el0t_64_sync_handler+0x98/0xc0\n    el0t_64_sync+0x170/0x174\n\nFix the issue by removing the runtime PM calls completely. They are not\nneeded here because it must have already been done when building the\npath for a trace.\n\n[ Fix build warnings ]"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7","versionEndExcluding":"5.10.154","matchCriteriaId":"CABD39F1-EBF4-4697-9B6A-AA778FAC9FE5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.77","matchCriteriaId":"756161DE-EFE3-4008-964A-DFE360B188B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.0.7","matchCriteriaId":"65D387F0-209C-4EAD-98BA-C4B430A840C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*","matchCriteriaId":"E7E331DA-1FB0-4DEC-91AC-7DA69D461C11"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*","matchCriteriaId":"17F0B248-42CF-4AE6-A469-BB1BAE7F4705"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/4c365a0c21aaf2b8fcc88de8dc298803288f61ac","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6746eae4bbaddcc16b40efb33dab79210828b3ce","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c51cfba50df8b9e16bfe0e6d4f2f252a4a10063d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e33ce54cef5d429430e3b1ae5c8ee4f4103c4fdc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}