Linux Kernel PM Usage Count Vulnerability in Serial Console Handover

Vulnerability

A vulnerability in the Linux kernel's handling of power management (PM) usage counts during serial console transitions has been addressed. The issue arises in the univ8250_console_setup() function, which calls serial8250_console_setup() before the device (.dev) is assigned to the uart_port. This sequence prevents the necessary pm_runtime_get_sync() call from being made. When the driver later takes over, univ8250_console_exit() is invoked, but since the usage count is already at zero, it triggers a PM usage count underflow warning. The vulnerability affects the console management of serial ports, particularly with the univ8250 and 8250 drivers.

Impact

The vulnerability causes a runtime power management usage count underflow, which can lead to improper management of device power states.

Remediation

The vulnerability has been fixed by adjusting the pm_runtime_get_sync() call in the serial8250_register_ports() function to occur after the .dev is set for a uart_port with an enabled console.
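
The ordering described above, reduced to a userspace C model. This is an added example, not code from the kernel or from this advisory. Every model_* name is a hypothetical stand-in, and the "fixed" branch follows the remediation as this page describes it.

```c
/* Userspace model of the usage-count imbalance; not kernel code, names hypothetical. */
#include <stdio.h>
#include <stddef.h>

struct model_dev  { int usage_count; int underflows; };
struct model_port { struct model_dev *dev; int console_enabled; };

/* Stand-ins for pm_runtime_get_sync() and its put; a put at zero is the underflow warning. */
static void model_pm_get(struct model_dev *d) { d->usage_count++; }
static void model_pm_put(struct model_dev *d)
{
    if (d->usage_count == 0) d->underflows++;
    else d->usage_count--;
}

/* Console setup: the get is skipped while .dev is still unassigned. */
static void model_console_setup(struct model_port *p)
{
    p->console_enabled = 1;
    if (p->dev) model_pm_get(p->dev);
}

/* Port registration assigns .dev; the fixed order takes the get here. */
static void model_register_port(struct model_port *p, struct model_dev *d, int fixed)
{
    p->dev = d;
    if (fixed && p->console_enabled) model_pm_get(d);
}

/* Console exit at handover: .dev is set by now, so the put runs. */
static void model_console_exit(struct model_port *p) { if (p->dev) model_pm_put(p->dev); }

/* Early setup, then registration, then exit; returns the underflow count. */
int run_handover(int fixed)
{
    struct model_dev dev = { 0, 0 };
    struct model_port port = { NULL, 0 };
    model_console_setup(&port);
    model_register_port(&port, &dev, fixed);
    model_console_exit(&port);
    return dev.underflows;
}

int main(void)
{
    printf("unfixed=%d fixed=%d\n", run_handover(0), run_handover(1));
    return 0;
}
```

In the unfixed order the put has no matching get, so the model records one underflow. With the get taken at registration, the count returns to zero cleanly.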

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.0
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.