PT-2022-7428 · Linux · Linux Kernel

Alexey Khoroshilov · Published 2022-02-16 · Updated 2024-08-22 · CVE-2022-48783

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The issue is a use-after-free vulnerability in the gswip_remove() function of the Lantiq / Intel GSWIP driver in the Linux kernel, in which previously freed memory is reused. Exploitation of this issue may allow an attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability is located in the drivers/net/dsa/lantiq_gswip.c module. The root cause is an incorrect order of operations: of_node_put(priv->ds->slave_mii_bus->dev.of_node) should be done before mdiobus_free(priv->ds->slave_mii_bus), because the argument to of_node_put() is read through the bus structure that mdiobus_free() releases.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
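
The ordering problem from the Description, as an added userspace model (not kernel code and not taken from the driver or its fix). The struct types and every model_* helper are hypothetical stand-ins for the kernel objects, and the "free" only marks the bus as released so that the later read can be counted instead of triggering undefined behaviour.

```c
#include <stdio.h>

/* Hypothetical stand-ins: model_node for struct device_node,
 * model_bus for the MDIO bus that owns the of_node pointer. */
struct model_node { int refcount; };
struct model_bus  { struct model_node *of_node; int freed; };

static int stale_reads; /* reads made through a bus that was already released */

/* Models mdiobus_free(): mark the bus released (assumption: no real free,
 * so the stale access below stays observable and well-defined). */
static void model_mdiobus_free(struct model_bus *bus) { bus->freed = 1; }

/* Models evaluating bus->dev.of_node; records a read after release. */
static struct model_node *model_bus_of_node(struct model_bus *bus)
{
    if (bus->freed)
        stale_reads++;
    return bus->of_node;
}

/* Models of_node_put(): drop one reference on the node. */
static void model_of_node_put(struct model_node *np) { np->refcount--; }

/* Order the advisory describes as incorrect: bus freed, then read. */
static int teardown_free_then_put(void)
{
    struct model_node np = { 1 };
    struct model_bus bus = { &np, 0 };
    stale_reads = 0;
    model_mdiobus_free(&bus);
    model_of_node_put(model_bus_of_node(&bus)); /* read through released bus */
    return stale_reads;
}

/* Order the advisory says is required: node put first, bus freed last. */
static int teardown_put_then_free(void)
{
    struct model_node np = { 1 };
    struct model_bus bus = { &np, 0 };
    stale_reads = 0;
    model_of_node_put(model_bus_of_node(&bus)); /* bus still valid here */
    model_mdiobus_free(&bus);
    return stale_reads;
}

int main(void)
{
    printf("free-then-put stale reads: %d\n", teardown_free_then_put());
    printf("put-then-free stale reads: %d\n", teardown_put_then_free());
    return 0;
}
```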

Exploit

Use After Free


Weakness Enumeration

Related Identifiers

BDU:2024-06076
CVE-2022-48783
OPENSUSE-SU-2024_2947-1
SUSE-SU-2024:2894-1
SUSE-SU-2024:2902-1
SUSE-SU-2024:2929-1
SUSE-SU-2024:2939-1
SUSE-SU-2024:2947-1

Affected Products

Linux Kernel
Red Os
Suse