CVE-2022-48813

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to errors in resource management. When mdiobus free() is called from devm mdiobus free(), it will panic if the mdiobus was not previously unregistered. This can occur when the DSA master is on a bus that calls ->remove from ->shutdown, and there is a device link between the switch and the DSA master. The Felix VSC9959 switch, a PCI device, is affected by this issue. To resolve this, the same treatment must be applied to all DSA switch drivers, which is to either use devres for both the mdiobus allocation and registration, or don't use devres at all.

Recommendations Replace devm mdiobus alloc size() with the non-devres variant, and add manual free where necessary, to ensure that devres does not free a still-registered bus. As a temporary workaround, consider disabling the mdiobus free() function until a patch is available. Restrict access to the vulnerable mdiobus module to minimize the risk of exploitation. Avoid using the devres parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.