CVE-2022-50029: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-50029 is a vulnerability discovered in the Linux kernel, specifically affecting the clock framework for Qualcomm IPQ8074 platform's sleep clock source (gcc_sleep_clk_src). The issue was publicly disclosed on June 18, 2025, and affects various Linux distributions including Ubuntu, Debian, and Red Hat systems (NVD, Wiz).

The vulnerability occurs when USB sleep clocks are disabled, causing the clock framework to attempt disabling the sleep clock source, which cannot be disabled. This results in a warning message 'gcc_sleep_clk_src status stuck at on' and triggers a kernel warning with stack trace in the clk_branch_wait function of the clock subsystem (Wiz).

The vulnerability can lead to system warnings and potential stability issues, particularly affecting systems using the Qualcomm IPQ8074 platform, such as the Xiaomi AX9000 device. While the impact appears to be primarily related to system stability rather than security, it affects multiple Linux distributions and versions (Wiz).

The vulnerability has been resolved by adding the CLK_IS_CRITICAL flag to the clock, which prevents the kernel from attempting to disable the sleep clock. This fix has been implemented across various Linux distributions, with Ubuntu and Debian releasing patches for affected versions (Ubuntu, Debian).