CVE-2022-48814

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the incorrect handling of resource identifiers in the Linux kernel's net component, specifically in the DSA (Distributed Switch Architecture) driver for the Seville VSC9959 switch. When the DSA master is on a bus that calls ->remove from ->shutdown, there is a device link between the switch and the DSA master, and device links unbind consumers() will unbind the Seville switch driver on shutdown. This can cause mdiobus free() to panic when called from devm mdiobus free() if the mdiobus was not previously unregistered. The same treatment must be applied to all DSA switch drivers, which is to either use devres for both the mdiobus allocation and registration or not use devres at all.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.