CVE-2022-48812

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to errors in resource management in the Linux kernel's net component. Exploitation of this issue may allow an attacker to cause a denial of service. The problem is associated with the use of devres for mdiobus allocation and registration in the lantiq gswip driver. The mdiobus free function will panic when called from devm mdiobus free, which is triggered by devres release all and device release driver, because the mdiobus was not previously unregistered. This issue applies to platform devices like the GSWIP switch, where the DSA master is on a bus that calls remove from shutdown, creating a device link between the switch and the DSA master. The solution involves either using devres for both mdiobus allocation and registration or not using devres at all.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.