CVE-2022-48815

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to errors in resource management in the Linux kernel's net component. It may allow an attacker to cause a denial of service. The problem occurs when mdiobus free() is called from devm mdiobus free(), leading to a panic if the mdiobus was not previously unregistered. This issue applies to platform devices like the Starfighter 2, where the DSA master is on a bus that calls ->remove from ->shutdown. The bcm sf2 driver has the necessary code structure for orderly mdiobus removal, and the solution involves replacing devm mdiobus alloc() with the non-devres variant and adding manual free where necessary.

Recommendations To resolve the issue, replace devm mdiobus alloc() with the non-devres variant in the bcm sf2 driver, and add manual free where necessary to ensure that devres does not free a still-registered bus. At the moment, there is no information about a newer version that contains a fix for this vulnerability.